Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SHA1 showing it's age

from [bkfsec] Network Security [Permanent Link]
Subject: Re: SHA1 showing it's age
Date: Tue, 22 Feb 2005 16:34:23 -0500 
Kevin.M-ctr.Shannon@faa.gov wrote:


Barry,

Your quoted conversation is hilarious. I think that I had the exact same conversation, regarding duplicate hashes, with a peer when I was in college.
And it ended something like this...

"Yeah, theoretically you could have a duplicate hash on a different file but the odds are so great no one would ever be able to do it."

HAHA It seems that the entire method of cross-checking based on all general hashing techniques must be taken back to the drawing board.

Unless each file is assigned some number analogous to Pi (an infinite number), there will always be a flaw.

At this point, I could lead into an argument that mathematics is inherently flawed because of several reasons:
1. It is a human creation
2. ...3....etc.

But I'll save that for some philosophy list.



Hah - so true.

Though, one has to say that if your hash is an infinite number (or approaching infinite), then why not simply record the precise contents of the file and compare that? It would be more space efficient. :)

      -Barry




-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SHA1 and MD5 of passphrases, Tim
Next by Date:  Recovering file slack, Nick Puetz
Previous by Thread:  RE: SHA1 showing it's age, Surago Jones
Next by Thread:  Bruce Schneier reports SHA-1 Broken, David Baker
Indexes:  [Date] [Thread] [Top] [All Lists]