Re: Determining the encryption used

From: Phoebe Tunstall (foibey@gmail.com)
Date: Fri May 12 2006 - 15:42:44 EDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 12 May 2006 12:48:48 -0400
Tim <tim-pentest@sentinelchicken.org> wrote:

> For the purpose of a one-way function, neither MD5 nor SHA1 has been
> broken. AFAIK, they are only vulnerable to collision attacks, not first
> preimage or second preimage attacks, which rely on different properties.
> Using these functions for specific purposes (such as hashing passwords)
> is perfectly fine right now.

I don't know a lot about these matters, but I was under the impression that if a password verification system is checking passwords against a hash table, all you needed was a collision (as this would hash to the correct value in the table and the comparison of the two would return true).

Is this really naive?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFEZOU81vzgRTK71/IRAjBYAKDLJYVcBoZCQy3WR911TIlg5zcbgwCfRYen
W8wCDNBBA9HENfLAD/WOMPo=
=gjuD
-----END PGP SIGNATURE-----
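
An added example, not part of the original message or thread: the distinction drawn in the quoted text, shown on a toy hash (SHA-1 truncated to 16 bits, an assumption made here so both searches finish quickly). A collision search returns two inputs whose shared digest the searcher does not get to choose, while a password check compares against one fixed stored digest, which takes a preimage search. The password `hunter2` and all function names are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption) so both searches finish quickly


def toy_hash(data: bytes) -> int:
    """First BITS bits of SHA-1: a stand-in for a full-size hash."""
    return int.from_bytes(hashlib.sha1(data).digest()[:4], "big") >> (32 - BITS)


def verify(stored: int, candidate: bytes) -> bool:
    """What a password check does: compare against one fixed stored digest."""
    return toy_hash(candidate) == stored


def find_collision():
    """Birthday search: any two distinct inputs with equal digests."""
    seen = {}
    for tries in count(1):
        msg = b"c%d" % tries
        digest = toy_hash(msg)
        if digest in seen:  # guaranteed within 2**BITS + 1 tries
            return seen[digest], msg, tries
        seen[digest] = msg


def find_preimage(stored: int, limit: int = 1 << 22):
    """Preimage search: an input matching one specific digest."""
    for tries in range(1, limit):
        msg = b"p%d" % tries
        if toy_hash(msg) == stored:
            return msg, tries
    raise RuntimeError("no preimage within limit")


def demo():
    stored = toy_hash(b"hunter2")  # constructed sample password
    a, b, collision_tries = find_collision()
    guess, preimage_tries = find_preimage(stored)
    return stored, (a, b, collision_tries), (guess, preimage_tries)


if __name__ == "__main__":
    stored, (a, b, ct), (guess, pt) = demo()
    print(f"collision {a!r}/{b!r} after {ct} tries; accepted: {verify(stored, a)}")
    print(f"preimage {guess!r} after {pt} tries; accepted: {verify(stored, guess)}")
```

Expected work is about 2^(n/2) tries for the collision and about 2^n for the preimage of an n-bit digest, which is why the two try counts printed here differ so widely even at 16 bits.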


