Full Disclosure mailing list archives
Re: Month of Random Hashes: DAY THREE
From: "Month of Random Hashes" <morh () hush ai>
Date: Fri, 15 Jun 2007 22:17:55 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mayhem, Your loss to Frank Trigg was a horrible embarrassment. You are further embarrassing yourself by offering criticism on something you clearly do not understand. Please be patient, full-disclosure is not a place for flames. If you are confused as to what the purpose of this list is, the community urges you to read the list charter, which is available at: http://lists.grok.org.uk/full-disclosure-charter.html If you have further questions to the purpose of the list, then please ask and many of us from the community will be glad to help you. We are still working on the FAQ for the Month of Random Hashes Project. Please bear with us until we have had time to complete it. Thank you for your kind understanding. On Fri, 15 Jun 2007 17:49:12 -0400 Jason Miller <jammer128 () gmail com> wrote:
I still think this is useless. What am I going to do with hashes? This whole Month of * BS is making me want to unsubscribe from the listing. On 6/15/07, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:On Fri, 15 Jun 2007 16:59:01 -0300, "M.B.Jr." said:but only one string can produce that md5 hash signature, that sha1 hash signature, fucking that sha256 hash signature,fucking that<any_other> hash signature, etc...Nope. There's an infinite number of strings that would producethe sameMD5/sha1/sha256/whatever hash. The interesting point about suchhashes isthat although given a particular string A, we can *easily*compute the hash H.However, knowing H, we don't have a good way to recover A, nordo we have anyeasy way to compute a *second* string B that hashes to H. So, given a hash H, we know one of 3 things is true: 1) The person we got H from has A, and easily computed H. 2) The person doesn't have A, but does have either a way to useseveral millionCPU-years or a crypto breakthrough to compute some string B thatalso hashes to H3) The person just pulled a pseudo-random string of bits out oftheir ass,called it H, and has as little clue about A and B as we do. At the current time, (2) is believed to be impractical, and (3)fails theinstant the person actually has to produce A itself. As aresult, we canusually presume that if they have a hash H, they've got the A ithashed from.This becomes interesting if you want to prove that you have aprior claim onsomething, without revealing the something (for instance, anadvisory or PoCfor something while you're still working with a vendor aboutfixing it) - youcan (for instance) post the hash of it on May 1, release theannouncement onJuly 1, and when others dispute your claim you knew about it onMay 1, you canpoint to the hash from May 1, and show it's the same as the hashof your July 1announcement, and thus prove you knew about it back on thatdate._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wpwEAQECAAYFAkZzSDIACgkQU0oRLIlju1HmbgP+OV6RMkaxssTbhZP6MtKlxn+xk/Dg CnRiSUsbyd0pdm+kS8h6QD5otAtjQF71RG0ii4/5wc2PPS/IeJMTzTnzAk5WBSqwq7Vy ervqT/oYZ2juSqRyWa6snVePA+HcFDbcFIc6+FD5YFPhSbUUlmUyFD0NEZJioOMH4lZX 0W+00vo= =ZRf1 -----END PGP SIGNATURE----- -- Click here for free information on nursing jobs, up to $150/hour http://tagline.hushmail.com/fc/CAaCXv1Rz1p1cxPJbMS6W9Po8lqIfuyG/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Month of Random Hashes: DAY THREE, (continued)
- Re: Month of Random Hashes: DAY THREE Pavel Kankovsky (Jun 16)
- Re: Month of Random Hashes: DAY THREE Valdis . Kletnieks (Jun 15)
- Re: Month of Random Hashes: DAY THREE Jason Miller (Jun 15)
- Re: Month of Random Hashes: DAY THREE M . B . Jr . (Jun 15)
- Re: Month of Random Hashes: DAY THREE William Lefkovics (Jun 16)
- Re: Month of Random Hashes: DAY THREE M . B . Jr . (Jun 16)