mailing list archives
Re: Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 21 Mar 2007 21:29:14 +0300
Dear Blue Boar,
I know meaning of 'hash function' term, I wrote few articles on
challenge-response authentication and I did few hash functions
implementations for hashtables and authentication in FreeRADIUS and
3proxy. Can I claim my right for sarcasm after calling ability to
bruteforce 160-bit hash 2000 times faster 'a crack'?
--Wednesday, March 21, 2007, 8:53:27 PM, you wrote to 3APA3A () SECURITY NNOV RU:
BB> 3APA3A wrote:
First, by reading 'crack' I thought lady can recover full message by
it's signature. After careful reading she can bruteforce collisions 2000
BB> Cracking a hash would never mean recovering the full original message,
BB> except for possibly messages that were smaller than the number of bits
BB> in the hash value. There are an infinite number of messages that all
BB> hash to the same value.
BB> The best crack you can have for a hash is to be able collide with an
BB> existing hash value and be able to choose most of the message contents.
Åñòü òàì âåðñèè Îòåëëî, ãäå Äåçäåìîíà äóøèò Ìàâðà. (Ëåì)
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/