lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <722.1181941012@turing-police.cc.vt.edu>
Date: Fri, 15 Jun 2007 16:56:52 -0400
From: Valdis.Kletnieks@...edu
To: "M.B.Jr." <marcio.barbado@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Month of Random Hashes: DAY THREE

On Fri, 15 Jun 2007 16:59:01 -0300, "M.B.Jr." said:
> but only one string can produce that md5 hash signature,
> that sha1 hash signature, fucking that sha256 hash signature, fucking that
> <any_other> hash signature, etc...

Nope.  There's an infinite number of strings that would produce the same
MD5/sha1/sha256/whatever hash.  The interesting point about such hashes is
that although given a particular string A, we can *easily* compute the hash H.
However, knowing H, we don't have a good way to recover A, nor do we have any
easy way to compute a *second* string B that hashes to H.

So, given a hash H, we know one of 3 things is true:

1) The person we got H from has A, and easily computed H.
2) The person doesn't have A, but does have either a way to use several million
CPU-years or a crypto breakthrough to compute some string B that also hashes to H
3) The person just pulled a pseudo-random string of bits out of their ass,
called it H, and has as little clue about A and B as we do.

At the current time, (2) is believed to be impractical, and (3) fails the
instant the person actually has to produce A itself.  As a result, we can
usually presume that if they have a hash H, they've got the A it hashed from.

This becomes interesting if you want to prove that you have a prior claim on
something, without revealing the something (for instance, an advisory or PoC
for something while you're still working with a vendor about fixing it) - you
can (for instance) post the hash of it on May 1, release the announcement on
July 1, and when others dispute your claim you knew about it on May 1, you can
point to the hash from May 1, and show it's the same as the hash of your July 1
announcement, and thus prove you knew about it back on that date.


Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ