Computer Forensics: Re: SHA1 showing it's age

Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Computer Forensics Computer-Forensics

[Top] [All Lists]

Re: SHA1 showing it's age

from [H Carvey] Network Security

[Permanent Link]

Subject:	Re: SHA1 showing it's age
Date:	17 Feb 2005 12:45:53 -0000

In-Reply-To: <83eea6c0aec0bd663f49f7600faeed6d@mac.com>

Matt,

For our field it's a strategic concern, not a tactical one.


Very well said, indeed!  

In our field, too often, very smart people will come running into the room with 
their hair on fire, screaming that SHA-1 or MD-5 are broken.  Yet, when they 
are asked how that affects what we do, they very often return blank stares.

You're correct...what are the chances that an arbitrary file can be constructed 
to have both the same MD-5 and SHA-1 hashes as the file it's replacing, be the 
same size, and still be able to do something useful to for the attacker?

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
SHA1 showing it's age, Tim Re: SHA1 showing it's age, Matthew Pepe Re: SHA1 showing it's age, Tim SHA1 and MD5 of passphrases, Harry Bulbrook Re: SHA1 and MD5 of passphrases, kumquat Re: SHA1 and MD5 of passphrases, Tim Re: SHA1 showing it's age, H Carvey <= Re: SHA1 showing it's age, bkfsec Re: SHA1 showing it's age, H Carvey Re: SHA1 showing it's age, James Riden Re: SHA1 showing it's age, Tim RE: SHA1 showing it's age, dave kleiman RE: SHA1 showing it's age, Surago Jones Re: SHA1 showing it's age, bkfsec

Previous by Date:	Re: SHA1 showing it's age, Tim
Next by Date:	Re: SHA1 showing it's age, H Carvey
Previous by Thread:	Re: SHA1 and MD5 of passphrases, Tim
Next by Thread:	Re: SHA1 showing it's age, bkfsec
Indexes:	[Date] [Thread] [Top] [All Lists]