| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 24 Mar 2007 11:48:10 -0500
From: wac <waldoalvarez00@...il.com>
To: "Blue Boar" <BlueBoar@...evco.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
3APA3A <3APA3A@...urity.nnov.ru>, Secure Coding <SC-L@...urecoding.org>
Subject: Re: Chinese Professor Cracks Fifth Data Security
Algorithm (SHA-1)
Of course not, is enough to find a collision and you'll get for example a
message signed by somebody else that looks completely authentic since
signatures encrypt that hash with the private key.
On 3/21/07, Blue Boar <BlueBoar@...evco.com> wrote:
>
> 3APA3A wrote:
> > First, by reading 'crack' I thought lady can recover full message by
> > it's signature. After careful reading she can bruteforce collisions 2000
> > times faster.
>
> Cracking a hash would never mean recovering the full original message,
> except for possibly messages that were smaller than the number of bits
> in the hash value. There are an infinite number of messages that all
> hash to the same value.
>
> The best crack you can have for a hash is to be able collide with an
> existing hash value and be able to choose most of the message contents.
>
> BB
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists