| Subject: | Re: SHA1 showing it's age |
|---|---|
| Date: | Thu, 17 Feb 2005 16:47:16 -0500 |
H. Carvey-
This issue shouldn't affect things like SSL and hashed passwords, even when it becomes public (as I understand it). But it does affect uses of hashes to guarantee integrity of files on disk.
I'm not sure I follow there, either. While I can certainly see a denial of service aspect, in order for that to happen, physical security of the disk will have to have been compromised...and it's all over anyway.
Could you clarify the issue of denial of service? I don't see how these results relate to that. If physical/system security is sufficient to guarantee images aren't modified maliciously, why would we even need to use cryptographic checksums?
When I compute hashes with tools I've developed, I like to use both SHA-1 and MD5 hashes, as well as collecting the file size. The likelihood that both hashes could be collisions while maintaining recorded file size, and still do something useful for the attacker (other than DoS) is very slim, I would think.
I would have to agree. As I said, two hashes eliminate the attacks if known collisions are released, since it is unlikely those collisions will consist of the same data. But as I also said, there's a lot of forensics software that doesn't use multiple hashes.
I'm sure this is the case, but at the same time, I would (like to) think that these situations are anomalous, and not the norm. Such is the case in many professions...and the instances where these things happen, professionals are able to deal with them (i.e., education, training, etc.).
For the most part, I think that professionals are able to understand the strengths and weaknesses of the tools they use.
Precisely. SHA1 is a commonly used tool in forensics. As professionals we should keep an eye on it as things develop.
If I'm not mistaken, that's pretty much what Matt said, re: strategic, not tactical.
Perhaps it is what he meant, but I took it more as a dismissal of the issue. Oh, and my hair isn't on fire.
tim
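The practice discussed in this message, recording MD5, SHA-1 and file size together and checking all three later, is sketched below as an added example; it is not code from the thread or from any poster's tools. The function names and the `evidence.bin` sample file are hypothetical.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # read in 1 MiB chunks so large images are never held in memory


def fingerprint(path):
    """Return size, MD5 and SHA-1 of a file, computed in a single pass."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha1.update(block)
            size += len(block)
    return {"size": size, "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def verify(path, recorded):
    """Return the recorded attributes that no longer match the file."""
    current = fingerprint(path)
    mismatched = []
    for key in ("size", "md5", "sha1"):
        # Every attribute is checked independently; one match is never enough.
        if not hmac.compare_digest(str(current[key]), str(recorded[key])):
            mismatched.append(key)
    return mismatched


def demo():
    """Record a constructed sample file, alter one byte, and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "evidence.bin")  # constructed sample, not real evidence
        with open(path, "wb") as fh:
            fh.write(b"constructed sample evidence\n" * 1000)
        recorded = fingerprint(path)
        before = verify(path, recorded)
        # Same-length modification: the size still matches, the digests do not.
        with open(path, "r+b") as fh:
            fh.seek(10)
            fh.write(b"X")
        after = verify(path, recorded)
    return recorded, before, after


if __name__ == "__main__":
    recorded, before, after = demo()
    print(recorded)
    print("unchanged:", before, "modified:", after)
```
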