lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4214B161.6070107@samfundet.no>
From: eian at samfundet.no (Martin Eian)
Subject: In case y'all didn't catch it yet...

> One possibility is brute forcing password hashes. If one has this hash 
> '988881adc9fc3655077dc2d4d757d480b5ea0e11', less time is now needed to brute 
> force it and gain access to something.

Not really. Here's why:

Bruce Schneier wrote that the research team had found collisions in 
SHA-1 in 2**69 operations. A collision won't help you brute force a 
password hash. What you just described is a preimage, not a collision.

 From "Handbook of Applied Cryptography" [1], chapter 9, subsection 
9.2.2, pages 323-324:

1. preimage resistance - for essentially all pre-specified outputs, it 
is computationally infeasible to find any input which hashes to that 
output, i.e., to find any preimage x' such that h(x') = y when given any 
y for which a corresponding input is not known.

2. 2nd-preimage resistance - it is computationally infeasible to find 
any second input which has the same output as any specified input, i.e., 
given x, to find a 2nd-preimage x' =/= x such that h(x) = h(x').

3. collision resistance - it is computationally infeasible to find any 
two distinct inputs x,x' which hash to the same output, i.e., such that 
h(x) = h(x'). (Note that here there is free choice of both inputs.)

[1] http://www.cacr.math.uwaterloo.ca/hac/

-- 
Martin Eian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ