Re: Now that SHA-1 is cracked...
From: Matt Gibson (mattg_at_blueedgetech.ca)
Date: 02/22/05
- Next message: Rafael: "IIS 6.0 WebDAV SEARCH Support"
- Previous message: Deb: "Event ID 2264, Source W3SVC-WP"
- In reply to: thurberk_at_cscsw.com: "Re: Now that SHA-1 is cracked..."
- Next in thread: Jeff Cochran: "Re: Now that SHA-1 is cracked..."
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 22 Feb 2005 09:56:49 -0800
Agreed.
Matt Gibson - GSEC
<thurberk@cscsw.com> wrote in message
news:1109084384.464291.145630@c13g2000cwb.googlegroups.com...
> Matt Gibson wrote:
> <snip A and B>
>> C) Say the paper is right, and they can now break SHA-1 in ~2^53
> attempts.
>> What does this mean to most people? Nothing. With these attacks,
> you
>> cannot just get "I will give you 1 million dollars" to "I will give
> you 10
>> million dollars". You'd have a better chance of getting
> "09sdfkj3uih3wi8"
>> to hash to the same value.
>
> Certainly true--this alleged vulnerability has no measurable effect on
> signed messages. However and unfortunately, some applications use
> SHA-1 as a more basic building block of their security. The most
> common example, of course, is storing the hash of a password in an
> accessible xml file, and authenticating the user if a hash of his input
> matches the hash in the xml file. Assuming that the Chinese can do
> everything they claim, and that the padding problem can likewise be
> overcome, these collisions surely reduce the security of such
> applications by the advertised amount.
>
- Next message: Rafael: "IIS 6.0 WebDAV SEARCH Support"
- Previous message: Deb: "Event ID 2264, Source W3SVC-WP"
- In reply to: thurberk_at_cscsw.com: "Re: Now that SHA-1 is cracked..."
- Next in thread: Jeff Cochran: "Re: Now that SHA-1 is cracked..."
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
