Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)

From: wac <waldoalvarez00 () gmail com>
Date: Sat, 24 Mar 2007 11:48:10 -0500
Of course not, is enough to find a collision and you'll get for example a
message signed by somebody else that looks completely authentic since
signatures encrypt that hash with the private key.

On 3/21/07, Blue Boar <BlueBoar () thievco com> wrote:


3APA3A wrote:
> First,  by  reading  'crack'  I thought lady can recover full message by
> it's signature. After careful reading she can bruteforce collisions 2000
> times faster.

Cracking a hash would never mean recovering the full original message,
except for possibly messages that were smaller than the number of bits
in the hash value. There are an infinite number of messages that all
hash to the same value.

The best crack you can have for a hash is to be able collide with an
existing hash value and be able to choose most of the message contents.

                                        BB

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: