| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat Apr 9 11:33:43 2005 From: Thierry at sniff-em.com (Thierry Zoller) Subject: Re: Case ID 51560370 - Notice of ClaimedInfringement Guten Tag Jason, [1] J> It was once said that you could not realistically create two difference J> sets of data that would cause a hash collision. Correct, note that there has been as much (if not more) research in that field than in the heap overflow sector. [2] J> It was once said that you could not exploit heap overflows and that J> stack overflows did not allow for control of the machine. Correct. [3] J> It was once thought that you could not use a format string to create an J> exploitable condition. Correct. While these three statements are logical correct in themselves, there is no necesite implication between those 3 sentences, which means they don't proof your point. In other words, it is true statement[2] and [3] were made and were proofen to be wrong, however that doesn't imply stament [1] is wrong. J> I see enough opportunities for motivated people to do the research and J> create a solution that is not computationally prohibitive. I would not J> be surprised if this happens in relatively short time. "relatively short time" Thats impossible because "relatively short time" has already expired... hash functions (MD5) are not new..in other words .. timed out ;) -- Thierry Zoller
Powered by blists - more mailing lists