[Full-Disclosure] In case y'all didn't catch it yet...
eian at samfundet.no
Thu Feb 17 14:59:45 GMT 2005
> One possibility is brute forcing password hashes. If one has this hash
> '988881adc9fc3655077dc2d4d757d480b5ea0e11', less time is now needed to brute
> force it and gain access to something.
Not really. Here's why:
Bruce Schneier wrote that the research team had found collisions in
SHA-1 in 2**69 operations. A collision won't help you brute force a
password hash. What you just described is a preimage, not a collision.
From "Handbook of Applied Cryptography" , chapter 9, subsection
9.2.2, pages 323-324:
1. preimage resistance - for essentially all pre-specified outputs, it
is computationally infeasible to find any input which hashes to that
output, i.e., to find any preimage x' such that h(x') = y when given any
y for which a corresponding input is not known.
2. 2nd-preimage resistance - it is computationally infeasible to find
any second input which has the same output as any specified input, i.e.,
given x, to find a 2nd-preimage x' =/= x such that h(x) = h(x').
3. collision resistance - it is computationally infeasible to find any
two distinct inputs x,x' which hash to the same output, i.e., such that
h(x) = h(x'). (Note that here there is free choice of both inputs.)
Full-Disclosure is hosted and sponsored by Secunia.