From the paper "Terracrack: Password cracking using TeraFlop and PetaByte Resources" by Tom Perrine and Devin Kowatch, at the San Diego Supercomputing Center. They built up billions of plaintext passwords and looked for crypt() collisions (among other things)...

http://security.sdsc.edu/publications/teracrack.pdf

...we found one "real" collision. By this we mean two words, that differ in more than just the lower 7 bits of each byte, which hash to the same value [under crypt()]. This occurs with the words "$C4U1N3R" and "SEEKETH.", under the salt "1/". Both words hash to: "ChERhgHoo1o".

Thane Plambeck 650 321 4884 office 650 323 4928 fax http://www.plambeck.org