Hacker News new | past | comments | ask | show | jobs | submit login

Forgive me if this is a poor question. I need to study up on my cryptography a little more...

Would salting both of these messages lead to md5 hashes that no longer match?




Yes, if they were given different salts. But the attack model for password authentication is very different (e.g. there's usually only one salt in play and the attacker doesn't get to choose salt or password he's trying to crack). So the collision attacks on MD5 don't seem obviously relevant.

Even with salting MD5 is still far too efficient to compute to be strong for password hashing. It could be combined in an iteration framework which made it secure, but there are plenty of other hash functions (with better reputations) that would be a better choice.


If the salts are different, it will definitely change.

On the other hand, using the same salt twice will change the hash if it's put before the data, but not if it's put after the data.

Given an MD5 collision, you can apply a common suffix and still have a hash collision. Applying a common prefix changes the state the hash process is in when it reaches the colliding data and this breaks the collision.


Good to know. Thank you =)




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: