> Passing the password through MD5 reduces the complexity to 128 bits No, this i... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

danielweber on Dec 15, 2016 | parent | context | favorite | on: Yahoo discloses hack of 1B accounts

> Passing the password through MD5 reduces the complexity to 128 bits

No, this is not the problem with MD5. You are not going to find two user-memorizeable-and-typeable passwords with an MD5 collision.

If you are bringing a password with more than 128 bits of complexity to the party, any password storage scheme better than plaintext will have your password safe.

leereeves on Dec 15, 2016 [–]

For passwords, there is no known problem with MD5, unless you know about a preimage attack.

Collisions are a problem for digital signatures, not for passwords.

But some people do want and use more than 2^128 bit passwords, for whatever reason, and an MD5 intermediate stage limits that.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact