Posts Tagged crypto

md5 and sha1

MD5 and SHA1 are known to be secure hash generator. But you may have heard that MD5 has been broken in 2005. I’ve found an interesting article that shows how md5 collides, nice reading, this generates sain or evil binaries that have the same MD5.
Also, here you can see MD5 collisions visualised.

MD5 and SHA1 are often used to generate password, and we don’t really mind if there are collisions or not, because programs stores the generated hash and with that hash we aren’t able to find the source string. But for a given string the generated hash will always be the same, so we can generate a database of MD5 and SHA1 passwords for a list of given strings. That’s why using strong passwords is important: If you don’t use strong passwords, someone can check a hash he found and find the source string. There is such a database I use sometimes to test the strength of passwords or find default passwords for a program I just installed. This database is here:

Have Fun ! 🙂


Leave a Comment