Full Disclosure mailing list archives
Re: Month of Random Hashes: DAY THREE
From: M.B.Jr. <marcio.barbado () gmail com>
Date: Fri, 15 Jun 2007 23:32:50 -0300
On 6/15/07, Jason Miller <jammer128 () gmail com> wrote: I still think this is useless. What am I going to do with hashes? This whole Month of * BS is making me want to unsubscribe from the listing. Jason, do it please... Dessent, did I mentioned concatenated hashes? you trippin man... Kletnieks, it's possible but it is not a rule. so if the number of NON-CONCATENATED hashes tends to infinite, your chances tend to zero.
On Fri, 15 Jun 2007 16:59:01 -0300, "M.B.Jr." said: > but only one string can produce that md5 hash signature, > that sha1 hash signature, fucking that sha256 hash signature, fucking
that
> <any_other> hash signature, etc...
My "etc" means "fucking that <any_other> hash signature" INFINITE times... On 6/15/07, Jason Miller <jammer128 () gmail com> wrote:
I still think this is useless. What am I going to do with hashes? This whole Month of * BS is making me want to unsubscribe from the listing. On 6/15/07, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote: > On Fri, 15 Jun 2007 16:59:01 -0300, "M.B.Jr." said: > > but only one string can produce that md5 hash signature, > > that sha1 hash signature, fucking that sha256 hash signature, fucking that > > <any_other> hash signature, etc... > > Nope. There's an infinite number of strings that would produce the same > MD5/sha1/sha256/whatever hash. The interesting point about such hashes is > that although given a particular string A, we can *easily* compute the hash H. > However, knowing H, we don't have a good way to recover A, nor do we have any > easy way to compute a *second* string B that hashes to H. > > So, given a hash H, we know one of 3 things is true: > > 1) The person we got H from has A, and easily computed H. > 2) The person doesn't have A, but does have either a way to use several million > CPU-years or a crypto breakthrough to compute some string B that also hashes to H > 3) The person just pulled a pseudo-random string of bits out of their ass, > called it H, and has as little clue about A and B as we do. > > At the current time, (2) is believed to be impractical, and (3) fails the > instant the person actually has to produce A itself. As a result, we can > usually presume that if they have a hash H, they've got the A it hashed from. > > This becomes interesting if you want to prove that you have a prior claim on > something, without revealing the something (for instance, an advisory or PoC > for something while you're still working with a vendor about fixing it) - you > can (for instance) post the hash of it on May 1, release the announcement on > July 1, and when others dispute your claim you knew about it on May 1, you can > point to the hash from May 1, and show it's the same as the hash of your July 1 > announcement, and thus prove you knew about it back on that date. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Marcio Barbado, Jr. ============== ==============
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Month of Random Hashes: DAY THREE Month of Random Hashes (Jun 12)
- Re: Month of Random Hashes: DAY THREE Dëêþàñ Çhäkrãvârthÿ (Jun 13)
- Re: Month of Random Hashes: DAY THREE Brian Dessent (Jun 13)
- Re: Month of Random Hashes: DAY THREE Guasconi Vincent (Jun 14)
- Re: Month of Random Hashes: DAY THREE Tõnu Samuel (Jun 15)
- Re: Month of Random Hashes: DAY THREE M . B . Jr . (Jun 15)
- Re: Month of Random Hashes: DAY THREE Brian Dessent (Jun 15)
- Re: Month of Random Hashes: DAY THREE Pavel Kankovsky (Jun 16)
- Re: Month of Random Hashes: DAY THREE Valdis . Kletnieks (Jun 15)
- Re: Month of Random Hashes: DAY THREE Jason Miller (Jun 15)
- Re: Month of Random Hashes: DAY THREE M . B . Jr . (Jun 15)
- Re: Month of Random Hashes: DAY THREE Brian Dessent (Jun 13)
- Re: Month of Random Hashes: DAY THREE William Lefkovics (Jun 16)
- Re: Month of Random Hashes: DAY THREE M . B . Jr . (Jun 16)
- Re: Month of Random Hashes: DAY THREE Dëêþàñ Çhäkrãvârthÿ (Jun 13)
- <Possible follow-ups>
- Fwd: Month of Random Hashes: DAY THREE rashid mohammed (Jun 15)
- Re: Fwd: Month of Random Hashes: DAY THREE Month of Random Hashes (Jun 15)
- Re: Month of Random Hashes: DAY THREE Month of Random Hashes (Jun 15)
- Re: Month of Random Hashes: DAY THREE Month of Random Hashes (Jun 15)
- Re: Month of Random Hashes: DAY THREE Month of Random Hashes (Jun 15)