Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: In case y'all didn't catch it yet...
From: Vincent van Scherpenseel <mailinglists () vanscherpenseel nl>
Date: Thu, 17 Feb 2005 11:50:33 +0100

On Thursday 17 February 2005 10:57, Lionel Ferette wrote:

Granted. But what would those "somebody" find? Maybe it is possible to
forge a message that would have the same hash as another, given, message.
What is the probability of such a forged message to make any sense? More,
to make any sense in an "interesting" way for those "somebody"?

I fully agree that the basis for non-repudiation has been shaken: someone
may claim that (s)he did not sign a message, since it may be possible to
forge. But I won't lose sleep because of that.

One possibility is brute forcing password hashes. If one has this hash 
'988881adc9fc3655077dc2d4d757d480b5ea0e11', less time is now needed to brute 
force it and gain access to something.

 - Vincent
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]