lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200502171057.28832.lionel.ferette@belnet.be>
From: lionel.ferette at belnet.be (Lionel Ferette)
Subject: In case y'all didn't catch it yet...

Hello Valdis,

On Wednesday 16 February 2005 19:08, you produced the following piece of 
wisdom:
[SNIP]
> And if it's a crew with a 400K machine zombie net, 3 days.  Maybe a week
> given that most of the boxes are consumer-grade machines.
> 
> Consider it a "given" that there's at least one "somebody" *already*
> situated in that target space...
Granted. But what would those "somebody" find? Maybe it is possible to forge a 
message that would have the same hash as another, given, message. What is the
probability of such a forged message to make any sense? More, to make any 
sense in an "interesting" way for those "somebody"?

I fully agree that the basis for non-repudiation has been shaken: someone may 
claim that (s)he did not sign a message, since it may be possible to forge. 
But I won't lose sleep because of that.

Time to apply for those crypto research funds, though ;-)

Cheers,

Lionel

-- 
"To understand how progress failed to make our lives easier,
please press 3"

Lionel Ferette
BELNET CERT Coordinator

Tel: +32 2 7903385                  http://cert.belnet.be/
Fax: +33 2 7903375                  PGP Key Id: 0x5662FD4B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050217/60982d19/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ