Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Case ID 51560370 - Notice of ClaimedInfringement

From: Thierry Zoller <Thierry () sniff-em com>
Date: Sat, 9 Apr 2005 12:33:26 +0200
Guten Tag Jason,

[1]
J> It was once said that you could not realistically create two difference
J> sets of data that would cause a hash collision.
Correct, note that there has been as much (if not more) research in that field than in
the heap overflow sector.

[2]
J> It was once said that you could not exploit heap overflows and that
J> stack overflows did not allow for control of the machine.
Correct.

[3]
J> It was once thought that you could not use a format string to create an
J> exploitable condition.
Correct.

While these three statements are logical correct in themselves, there is no
necesite implication between those 3 sentences, which means they don't
proof your point. In other words, it is true statement[2] and [3] were made
and were proofen to be wrong, however that doesn't imply stament [1]
is wrong.

J> I see enough opportunities for motivated people to do the research and
J> create a solution that is not computationally prohibitive. I would not
J> be surprised if this happens in relatively short time.
"relatively short time"
Thats impossible because "relatively short time" has already
expired... hash functions (MD5) are not new..in other words .. timed out ;)


-- 
Thierry Zoller


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: