Ok I came across this

http://www.stachliu.com/md4coll.c

They also have an MD5 one

Not too sure about collisions, but from quick reading, it is another plain-text which produces the same hash after a hash-digest?

Does this mean it can be used to attack NT hashes on the Vista/W7 machines? or is windows smart enough to hash the user password twice with another algo and compare the plaintext to both?

Wouldn't it just be faster to find collisions (no idea how fast it is) as opposed to Bruteforcing / RTlookup.

Yes, that's a collision.



Read a bit from http://en.wikipedia.org/wiki/Collision_attack and the links from there.

"Q: What is a collision attack and a preimage attack?
A: A preimage attack would enable someone to find an input message that causes a hash function to produce a particular output. In contrast, a collision attack finds two messages with the same hash, but the attacker can't pick what the hash will be."

In cracking a hash used for password schemes there is no easy way to go from the hash to the password. You can mount a dictionary attack, bruteforce, rainbowtables, etc.

No windows isn't smart enough to use salts or use more than a single hash verification.

Some software package systems have the ability to store and use multiple hashes. This is a good idea since one can't predict which hash will fall victim to a fatal flaw and the ability of an attacker to create a file that isn't authentic and passes all hash checks is quite hard.

You may also enjoy the table found at http://en.wikipedia.org/wiki/Cryptograp ... algorithms

Hello.
Its good article, though I find that you should have explained Birthday paradox, due to which the probability of finding a collision is 2^x/2 where x is the total hash size. Other wise this is a brief and good work.

Yes, the birthday paradox is why SHA-256 is for AES-128 and SHA-512 is for AES-256. It is a bit confusing and counterintuitive. Further reading of Practical Cryptography (Bruce Schneier and Neils Ferguson) is helpful for this concept and many others. I don't buy many dead tree books but this is one I keep handy for reference. The 2nd edition is due out in March and will be retitled "Cryptography Engineering."

Though, since only AES-256 is approved for NSA top secret and AES-256 is now attackable in less than 2^128, I can't wait to see what NIST or the NSA do about the key scheduling issues in AES-256 and to a lesser extent in AES-192.