Full Disclosure mailing list archives
Re: Month of Random Hashes: DAY THREE
From: M.B.Jr. <marcio.barbado () gmail com>
Date: Fri, 15 Jun 2007 16:59:01 -0300
damn man, you complicate it so much. right now, Deepan is more confused than before. like, "Hey Deepan, in order to kill that mosquito we have this missile and..." Math is simple, and so must be the explanations surrounding it. the thing is, many different strings can result in the same, say md5 hash signature. but only one string can produce that md5 hash signature, that sha1 hash signature, fucking that sha256 hash signature, fucking that <any_other> hash signature, etc... On 6/14/07, Brian Dessent <brian () dessent net> wrote:
Dëêþàñ Çhäkrãvârthÿ wrote: > > I am not sure what exactly people do with random hashes. Do you people > try to decrypt using rainbow table or anything similar to that ? > Guys I am in the dark, please help me. The original intent was that someone discovering a vuln would post the hash of the POC to the list so that later when it was widely released they could prove the point in time at which they found it. Hashing is not encryption, so flush the notion of "decrypt a hash" from your brain. For any given hash there are an infinite number of inputs that would result in that same output, though most of them are meaningless strings of garbage of astronomical length. In the case of passwords since it is known that they are typically short in length and have a limited set of characters it's sometimes possible to come up with an input that is sensible, but for something like a POC of a vulnerability it would be quite naive to think that you could ever recover it in any reasonable amount of time. That was never the intent anyway; it was about proving who was first to discover something. But seeing as this is FD and there has been a rash of "Month of Foo" nonsense, I think someone is just taking the piss and further degrading the already miniscule SNR of this list. Unless a posted hash is correlated to the release of some POC or other item of interest, it's noise. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Marcio Barbado, Jr. ============== ==============
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Month of Random Hashes: DAY THREE Month of Random Hashes (Jun 12)
- Re: Month of Random Hashes: DAY THREE Dëêþàñ Çhäkrãvârthÿ (Jun 13)
- Re: Month of Random Hashes: DAY THREE Brian Dessent (Jun 13)
- Re: Month of Random Hashes: DAY THREE Guasconi Vincent (Jun 14)
- Re: Month of Random Hashes: DAY THREE Tõnu Samuel (Jun 15)
- Re: Month of Random Hashes: DAY THREE M . B . Jr . (Jun 15)
- Re: Month of Random Hashes: DAY THREE Brian Dessent (Jun 15)
- Re: Month of Random Hashes: DAY THREE Pavel Kankovsky (Jun 16)
- Re: Month of Random Hashes: DAY THREE Valdis . Kletnieks (Jun 15)
- Re: Month of Random Hashes: DAY THREE Jason Miller (Jun 15)
- Re: Month of Random Hashes: DAY THREE M . B . Jr . (Jun 15)
- Re: Month of Random Hashes: DAY THREE Brian Dessent (Jun 13)
- Re: Month of Random Hashes: DAY THREE William Lefkovics (Jun 16)
- Re: Month of Random Hashes: DAY THREE M . B . Jr . (Jun 16)
- Re: Month of Random Hashes: DAY THREE Dëêþàñ Çhäkrãvârthÿ (Jun 13)
- <Possible follow-ups>
- Fwd: Month of Random Hashes: DAY THREE rashid mohammed (Jun 15)
- Re: Fwd: Month of Random Hashes: DAY THREE Month of Random Hashes (Jun 15)
- Re: Month of Random Hashes: DAY THREE Month of Random Hashes (Jun 15)