lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200502171150.33696.mailinglists@vanscherpenseel.nl>
From: mailinglists at vanscherpenseel.nl (Vincent van Scherpenseel)
Subject: In case y'all didn't catch it yet...

On Thursday 17 February 2005 10:57, Lionel Ferette wrote:

> Granted. But what would those "somebody" find? Maybe it is possible to
> forge a message that would have the same hash as another, given, message.
> What is the probability of such a forged message to make any sense? More,
> to make any sense in an "interesting" way for those "somebody"?
>
> I fully agree that the basis for non-repudiation has been shaken: someone
> may claim that (s)he did not sign a message, since it may be possible to
> forge. But I won't lose sleep because of that.

One possibility is brute forcing password hashes. If one has this hash 
'988881adc9fc3655077dc2d4d757d480b5ea0e11', less time is now needed to brute 
force it and gain access to something.

 - Vincent

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ