Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SHA1 showing it's age

from [bkfsec] Network Security [Permanent Link]
Subject: Re: SHA1 showing it's age
Date: Thu, 17 Feb 2005 16:25:03 -0500 
H Carvey wrote:

In-Reply-To: <83eea6c0aec0bd663f49f7600faeed6d@mac.com>

Matt,



For our field it's a strategic concern, not a tactical one.



Very well said, indeed! 

In our field, too often, very smart people will come running into the room with 
their hair on fire, screaming that SHA-1 or MD-5 are broken.  Yet, when they 
are asked how that affects what we do, they very often return blank stares.

You're correct...what are the chances that an arbitrary file can be constructed 
to have both the same MD-5 and SHA-1 hashes as the file it's replacing, be the 
same size, and still be able to do something useful to for the attacker?



LOL, I remember when I was first introduced to MD5 sums a number of years ago. The person who introduced me to the various md5summation programs (a coworker of mine in college) was adamant that it was a flawless system.

I recall that the conversation went something like this...

Me: "Wow, that's pretty cool. You're verifying the content of the file based on the summation of its contents. That's definately a better method than relying on time/date/size combinations."
Him: "Yeah. And the best part is that it's impossible for two files to have the exact same hash!"
Me: "What?"
Him: "Yeah, it's part of the scheme. There can never be a collision!"
Me: "Umm... you're taking numerous files and summating their contents into a much smaller string, of course there are going to be duplicates that are different files."
Him: "Well, that would invalidate the hash, right?"
Me: "No... not unless someone could replace the files and still end up with the exact same hash..."

etc...etc...

I never did convince him of that. This is the same kind of situation. The chances of a collision may be small, but with the number of different things that can be hashed out there, it's innevitable. Sometimes otherwise intelligent people are devoid of common sense.

            -Barry


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SHA1 and MD5 of passphrases, Harry Bulbrook
Next by Date:  Re: SHA1 showing it's age, Tim
Previous by Thread:  Re: SHA1 showing it's age, H Carvey
Next by Thread:  Re: SHA1 showing it's age, H Carvey
Indexes:  [Date] [Thread] [Top] [All Lists]