Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)
Date: Wed, 21 Mar 2007 21:29:14 +0300

Dear Blue Boar,

I  know  meaning  of  'hash  function'  term,  I  wrote  few articles on
challenge-response   authentication   and   I  did  few  hash  functions
implementations  for  hashtables  and  authentication  in FreeRADIUS and
3proxy.  Can  I  claim  my  right  for  sarcasm after calling ability to
bruteforce 160-bit hash 2000 times faster 'a crack'?

--Wednesday, March 21, 2007, 8:53:27 PM, you wrote to 3APA3A () SECURITY NNOV RU:

BB> 3APA3A wrote:
First,  by  reading  'crack'  I thought lady can recover full message by
it's signature. After careful reading she can bruteforce collisions 2000
times faster.

BB> Cracking a hash would never mean recovering the full original message,
BB> except for possibly messages that were smaller than the number of bits
BB> in the hash value. There are an infinite number of messages that all
BB> hash to the same value.

BB> The best crack you can have for a hash is to be able collide with an
BB> existing hash value and be able to choose most of the message contents.

BB>                                     BB

~/ZARAZA http://securityvulns.com/
Åñòü òàì âåðñèè Îòåëëî, ãäå Äåçäåìîíà äóøèò Ìàâðà. (Ëåì)

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]