Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)

From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 21 Mar 2007 21:29:14 +0300
Dear Blue Boar,

I  know  meaning  of  'hash  function'  term,  I  wrote  few articles on
challenge-response   authentication   and   I  did  few  hash  functions
implementations  for  hashtables  and  authentication  in FreeRADIUS and
3proxy.  Can  I  claim  my  right  for  sarcasm after calling ability to
bruteforce 160-bit hash 2000 times faster 'a crack'?

--Wednesday, March 21, 2007, 8:53:27 PM, you wrote to 3APA3A () SECURITY NNOV RU:

BB> 3APA3A wrote:

First,  by  reading  'crack'  I thought lady can recover full message by
it's signature. After careful reading she can bruteforce collisions 2000
times faster.


BB> Cracking a hash would never mean recovering the full original message,
BB> except for possibly messages that were smaller than the number of bits
BB> in the hash value. There are an infinite number of messages that all
BB> hash to the same value.

BB> The best crack you can have for a hash is to be able collide with an
BB> existing hash value and be able to choose most of the message contents.

BB>                                     BB


-- 
~/ZARAZA http://securityvulns.com/
Åñòü òàì âåðñèè Îòåëëî, ãäå Äåçäåìîíà äóøèò Ìàâðà. (Ëåì)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: