| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: eian at samfundet.no (Martin Eian) Subject: In case y'all didn't catch it yet... > One possibility is brute forcing password hashes. If one has this hash > '988881adc9fc3655077dc2d4d757d480b5ea0e11', less time is now needed to brute > force it and gain access to something. Not really. Here's why: Bruce Schneier wrote that the research team had found collisions in SHA-1 in 2**69 operations. A collision won't help you brute force a password hash. What you just described is a preimage, not a collision. From "Handbook of Applied Cryptography" [1], chapter 9, subsection 9.2.2, pages 323-324: 1. preimage resistance - for essentially all pre-specified outputs, it is computationally infeasible to find any input which hashes to that output, i.e., to find any preimage x' such that h(x') = y when given any y for which a corresponding input is not known. 2. 2nd-preimage resistance - it is computationally infeasible to find any second input which has the same output as any specified input, i.e., given x, to find a 2nd-preimage x' =/= x such that h(x) = h(x'). 3. collision resistance - it is computationally infeasible to find any two distinct inputs x,x' which hash to the same output, i.e., such that h(x) = h(x'). (Note that here there is free choice of both inputs.) [1] http://www.cacr.math.uwaterloo.ca/hac/ -- Martin Eian
Powered by blists - more mailing lists