lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: lionel.ferette at belnet.be (Lionel Ferette) Subject: In case y'all didn't catch it yet... Hello Valdis, On Wednesday 16 February 2005 19:08, you produced the following piece of wisdom: [SNIP] > And if it's a crew with a 400K machine zombie net, 3 days. Maybe a week > given that most of the boxes are consumer-grade machines. > > Consider it a "given" that there's at least one "somebody" *already* > situated in that target space... Granted. But what would those "somebody" find? Maybe it is possible to forge a message that would have the same hash as another, given, message. What is the probability of such a forged message to make any sense? More, to make any sense in an "interesting" way for those "somebody"? I fully agree that the basis for non-repudiation has been shaken: someone may claim that (s)he did not sign a message, since it may be possible to forge. But I won't lose sleep because of that. Time to apply for those crypto research funds, though ;-) Cheers, Lionel -- "To understand how progress failed to make our lives easier, please press 3" Lionel Ferette BELNET CERT Coordinator Tel: +32 2 7903385 http://cert.belnet.be/ Fax: +33 2 7903375 PGP Key Id: 0x5662FD4B -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050217/60982d19/attachment.bin
Powered by blists - more mailing lists