mailing list archives
Re: In case y'all didn't catch it yet...
From: Vincent van Scherpenseel <mailinglists () vanscherpenseel nl>
Date: Thu, 17 Feb 2005 11:50:33 +0100
On Thursday 17 February 2005 10:57, Lionel Ferette wrote:
Granted. But what would those "somebody" find? Maybe it is possible to
forge a message that would have the same hash as another, given, message.
What is the probability of such a forged message to make any sense? More,
to make any sense in an "interesting" way for those "somebody"?
I fully agree that the basis for non-repudiation has been shaken: someone
may claim that (s)he did not sign a message, since it may be possible to
forge. But I won't lose sleep because of that.
One possibility is brute forcing password hashes. If one has this hash
'988881adc9fc3655077dc2d4d757d480b5ea0e11', less time is now needed to brute
force it and gain access to something.
Full-Disclosure - We believe in it.
Re: In case y'all didn't catch it yet... Polarizer (Feb 16)