My guess is that would be safe for our lifetime…

One PS3 is 300$, they used 200 of them which makes 60.000$. They could have bought 3 times the EC2 time and then be over with it, i really hope the ps3 found a good home after the test finished. Good work though.

yeah, most of us can’t :-/

md5 is dead.

The NSA’s tweak appears to be justified. See, for example, http://en.wikipedia.org/wiki/SHA#SHA-0_and_SHA-1

However, I’d tend to avoid SHA-1 anyway. It’s been shown to be a bit flawed, and I don’t really see any barrier to adoption of SHA-256. Work is beginning on SHA-3 — it’s long past time to ditch even SHA-1.

The vulnerability we expose is not in the SSL protocol or the web servers and browsers that implement it, but in the Public Key Infrastructure. This infrastructure has applications in other areas than the web, but we have not investigated all other possible attack scenarios. So other attack scenarios beyond the web are conceivable, such as in the areas of code signing, e-mail security, and in other areas that use certificates for enabling digital signatures or public key encryption.

A leer más, chicos!!!

That doesn’t change what I said. MD5 was developed to be a hash. They knew that there would be collisions. This was accepted. MD5 was never broken. This doesn’t break MD5. This shows that MD5 works the way it’s been expected to work. MD5 does not generate a unique hash for every unique input. That is impossible. That was never the point of MD5. MD5 is not an encryption. It’s a way to encode something, pass a short string (the hash) and you can then quickly check if the encoded string is probably correct.

To use an example. You have a password on your system. The system stores the password and the MD5 hash of the password. When you enter a password on your system, it first generates an MD5 of the inputed password and compares that to the stored MD5. This is a very fast comparison for various reasons that we don’t need to get into. If the hashes dont’ match, you return invalid password. If the hashes do match you can either then do the slower comparison and confirm that the inputted and stored passwords match.

That is how MD5 is supposed to be used (one of the ways at least).

Or you send data appended with an MD5 hash generated by the data and a secret key (like the timestamp of the send). The recieving end has bot the data and the secret key and can calc a new MD5 hash and use that as a quick check that the data most likely has arrived correctly.

MD5 was never expected to be a 1 for 1, unique hash for every possible input. That’s impossible. They’ve known that for years. It was always just good enough. This doesn’t break anything because there was never anything to break (with regard to MD5).