[Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)
wac
waldoalvarez00 at gmail.com
Sat Mar 24 16:48:10 GMT 2007
Of course not, is enough to find a collision and you'll get for example a
message signed by somebody else that looks completely authentic since
signatures encrypt that hash with the private key.
On 3/21/07, Blue Boar <BlueBoar at thievco.com> wrote:
>
> 3APA3A wrote:
> > First, by reading 'crack' I thought lady can recover full message by
> > it's signature. After careful reading she can bruteforce collisions 2000
> > times faster.
>
> Cracking a hash would never mean recovering the full original message,
> except for possibly messages that were smaller than the number of bits
> in the hash value. There are an infinite number of messages that all
> hash to the same value.
>
> The best crack you can have for a hash is to be able collide with an
> existing hash value and be able to choose most of the message contents.
>
> BB
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070324/3ac249e3/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.