lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <985b1a3d0706140113t22e813blcc600795e56c939f@mail.gmail.com>
Date: Thu, 14 Jun 2007 10:13:56 +0200
From: "Guasconi Vincent" <tyoptyop@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Month of Random Hashes: DAY THREE

On 6/14/07, Brian Dessent <brian@...sent.net> wrote:
> Dëêþàñ Çhäkrãvârthÿ wrote:
> > I am not sure what  exactly people do with random hashes.  Do you people
> > try to decrypt using rainbow table or anything similar to that ?
> > Guys I am in the dark, please help me.
>
> The original intent was that someone discovering a vuln would post the
> hash of the POC to the list so that later when it was widely released
> they could prove the point in time at which they found it.
>
> Hashing is not encryption, so flush the notion of "decrypt a hash" from
> your brain.  For any given hash there are an infinite number of inputs
> that would result in that same output, though most of them are
> meaningless strings of garbage of astronomical length.  In the case of
> passwords since it is known that they are typically short in length and
> have a limited set of characters it's sometimes possible to come up with
> an input that is sensible, but for something like a POC of a
> vulnerability it would be quite naive to think that you could ever
> recover it in any reasonable amount of time.  That was never the intent
> anyway; it was about proving who was first to discover something.
>
> But seeing as this is FD and there has been a rash of "Month of Foo"
> nonsense, I think someone is just taking the piss and further degrading
> the already miniscule SNR of this list.  Unless a posted hash is
> correlated to the release of some POC or other item of interest, it's
> noise.

Long live the Month of Random Hashes !
"We believe in it."

-- 
Guasconi Vincent
Etudiant.
http://altmylife.blogspot.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ