Hacker News new | ask | show | jobs
by michaelmior 4418 days ago
The point is that it makes it easier for an attacker to find a hash collision. It's much easier to construct data which hashes to a given value if it can be of arbitrary length. I don't immediately see the connection with this article however.
2 comments
asdfaoeu 4418 days ago
I don't follow. Breaking a password hash your not trying to find a hash collision you need to break the preimage attack. Sure are some stage in the future there might be a preimage attack that requires a large amount of data to use. But really if your worried about theoretical preimage attack you aren't using md5.
link
tptacek 4418 days ago
The attacker doesn't need a hash collision in the case you're describing; they need a preimage.
link