Penetration Testing mailing list archives
Re: Determining the encryption used
From: Phoebe Tunstall <foibey () gmail com>
Date: Fri, 12 May 2006 20:42:44 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 12 May 2006 12:48:48 -0400 Tim <tim-pentest () sentinelchicken org> wrote:
For the purpose of a one-way function, neither MD5 nor SHA1 has been broken. AFAIK, they are only vulnerable to collision attacks, not first preimage or second preimage attacks, which rely on different properties. Using these functions for specific purposes (such as hashing passwords) is perfectly fine right now.
I'm don't know a lot about these matters, but I was under the impression that if a password verification system is checking passwords against a hash table, all you needed was a collision (as this would hash to the correct value in the table and the comparison of the two would return true). Is this really naive? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFEZOU81vzgRTK71/IRAjBYAKDLJYVcBoZCQy3WR911TIlg5zcbgwCfRYen W8wCDNBBA9HENfLAD/WOMPo= =gjuD -----END PGP SIGNATURE-----
Current thread:
- Determining the encryption used John Madden (May 11)
- Re: Determining the encryption used Art Cooper (May 12)
- Re: Determining the encryption used Tim (May 12)
- Re: Determining the encryption used Rodrigo Ramos (May 12)
- Re: Determining the encryption used Tim (May 12)
- Re: Determining the encryption used Byron Sonne (May 12)
- Re: Determining the encryption used Peter Kosinar (May 12)
- Re: Determining the encryption used Tonnerre Lombard (May 12)
- Re: Determining the encryption used Tim (May 12)
- Re: Determining the encryption used Phoebe Tunstall (May 12)
- Re: Determining the encryption used Peter Kosinar (May 13)
- Re: Determining the encryption used Tim (May 13)
- Re: Determining the encryption used Tim (May 12)
- RE: Determining the encryption used Sahir Hidayatullah (May 12)
- Re: Determining the encryption used thomas springer (May 12)
- Re: Determining the encryption used Dotzero (May 12)
- <Possible follow-ups>
- Re: Determining the encryption used iccs-abr (May 12)
- RE: Determining the encryption used Bob Bell (rtbell) (May 12)
- Re: Re: Determining the encryption used cwright (May 12)