All the Perl that's Practical to Extract and Report

  • If my recollection of the subject is right, $prefix should be the inverse hash calculated on 0x67452301efcdab8998badcfe10325476 in *your* system (i.e. the system with your initial state).

    Now, you have a system that has more or less the same strength as MD5 (apart, of course, from your initial state, which might be stronger or weaker), and you're facing the problem of inverting a hash - which makes it quite difficult for you to find $prefix. As long as you find it, you know that you have to flush your system in the toilet, more or less ;)

    On the other hand, this whole prefix stuff (normally referred to as "salting") could be beneficial. I suspect that you *have* to use the system with the alternative initialisation, because of some past work done on it (possibly with other systems), so you might be stuck on it. If this is the case, I have two suggestions:

    1. try to reflect (or make the others reflect) on the fact that not all initialisers are good for MD5, and you might end up having a weaker system (as an aside, remind them that there's no security through obscurity). Consider salting (with different salts, of course) as an alternative;

    2. patch the MD5 module in order to be able to accept any initialisation sequence, and make the default as it is now. The module owner could be willing to accept such a patch (no change in behaviour, only added features), and you would have a hook to change those values at will without the need to fork. Sounds like a win-win situation (but I'm not the maintainer, so I can't speak for them).

    Flavio.
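
An added example, not part of the comment above and not code from any existing MD5 module: a compact MD5 in Python whose initial state is a parameter defaulting to the standard value, as suggestion 2 describes. It also shows that going from a 64-byte prefix to the resulting state is one cheap compression call, while recovering a prefix from a chosen state is the inversion problem discussed above. The names `md5`, `compress`, `prior_len`, `demo` and the sample prefix are assumptions made for this illustration.

```python
import hashlib, math, struct

STD_IV = (0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476)  # the state quoted above
K = [int(abs(math.sin(i + 1)) * 2**32) & 0xffffffff for i in range(64)]
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xffffffff

def compress(state, block):
    """One MD5 compression step: 128-bit state + 64-byte block -> new state."""
    m = struct.unpack("<16I", block)
    a, b, c, d = state
    for i in range(64):
        if i < 16:
            f, g = (b & c) | (~b & d), i
        elif i < 32:
            f, g = (d & b) | (~d & c), (5 * i + 1) % 16
        elif i < 48:
            f, g = b ^ c ^ d, (3 * i + 5) % 16
        else:
            f, g = c ^ (b | ~d), (7 * i) % 16
        f = (f + a + K[i] + m[g]) & 0xffffffff
        a, d, c, b = d, c, b, (b + rotl(f, S[i])) & 0xffffffff
    return tuple((x + y) & 0xffffffff for x, y in zip(state, (a, b, c, d)))

def md5(msg, iv=STD_IV, prior_len=0):
    """MD5 with a pluggable initial state; the default is the standard one.
    prior_len (a multiple of 64) counts bytes already absorbed into iv."""
    bits = ((prior_len + len(msg)) * 8) & 0xffffffffffffffff
    padded = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack("<Q", bits)
    state = iv
    for off in range(0, len(padded), 64):
        state = compress(state, padded[off:off + 64])
    return struct.pack("<4I", *state).hex()

def demo():
    prefix = b"constructed 64-byte prefix block".ljust(64, b".")  # sample value
    msg = b"hello"
    iv = compress(STD_IV, prefix)  # forward direction: prefix -> state is cheap
    return {
        "default_matches_hashlib": md5(msg) == hashlib.md5(msg).hexdigest(),
        "prefix_equals_custom_iv": md5(msg, iv, 64) == hashlib.md5(prefix + msg).hexdigest(),
        "custom_iv_changes_digest": md5(msg, iv) != md5(msg),
    }

if __name__ == "__main__":
    print(demo())
```

The `prior_len` argument matters because MD5 padding encodes the total message length: a prefixed standard MD5 and a custom-state MD5 only agree when the 64 prefix bytes are counted.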