| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Mar 2007 21:29:14 +0300 From: 3APA3A <3APA3A@...URITY.NNOV.RU> To: Blue Boar <BlueBoar@...evco.com> Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>, Secure Coding <SC-L@...urecoding.org> Subject: Re: Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1) Dear Blue Boar, I know meaning of 'hash function' term, I wrote few articles on challenge-response authentication and I did few hash functions implementations for hashtables and authentication in FreeRADIUS and 3proxy. Can I claim my right for sarcasm after calling ability to bruteforce 160-bit hash 2000 times faster 'a crack'? --Wednesday, March 21, 2007, 8:53:27 PM, you wrote to 3APA3A@...URITY.NNOV.RU: BB> 3APA3A wrote: >> First, by reading 'crack' I thought lady can recover full message by >> it's signature. After careful reading she can bruteforce collisions 2000 >> times faster. BB> Cracking a hash would never mean recovering the full original message, BB> except for possibly messages that were smaller than the number of bits BB> in the hash value. There are an infinite number of messages that all BB> hash to the same value. BB> The best crack you can have for a hash is to be able collide with an BB> existing hash value and be able to choose most of the message contents. BB> BB -- ~/ZARAZA http://securityvulns.com/ Åñòü òàì âåðñèè Îòåëëî, ãäå Äåçäåìîíà äóøèò Ìàâðà. (Ëåì) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists