Hacker News new | past | comments | ask | show | jobs | submit login

Yes, if they were given different salts. But the attack model for password authentication is very different (e.g. there's usually only one salt in play and the attacker doesn't get to choose salt or password he's trying to crack). So the collision attacks on MD5 don't seem obviously relevant.

Even with salting MD5 is still far too efficient to compute to be strong for password hashing. It could be combined in an iteration framework which made it secure, but there are plenty of other hash functions (with better reputations) that would be a better choice.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: