Re: [Full-disclosure] Month of Random Hashes: DAY THREE



Dëêþàñ Çhäkrãvârthÿ wrote:

> I am not sure what exactly people do with random hashes. Do you people
> try to decrypt using rainbow table or anything similar to that?
> Guys I am in the dark, please help me.

The original intent was that someone discovering a vuln would post the
hash of the POC to the list so that later when it was widely released
they could prove the point in time at which they found it.

Hashing is not encryption, so flush the notion of "decrypt a hash" from
your brain. For any given hash there are an infinite number of inputs
that would result in that same output, though most of them are
meaningless strings of garbage of astronomical length. In the case of
passwords since it is known that they are typically short in length and
have a limited set of characters it's sometimes possible to come up with
an input that is sensible, but for something like a POC of a
vulnerability it would be quite naive to think that you could ever
recover it in any reasonable amount of time. That was never the intent
anyway; it was about proving who was first to discover something.

But seeing as this is FD and there has been a rash of "Month of Foo"
nonsense, I think someone is just taking the piss and further degrading
the already minuscule SNR of this list. Unless a posted hash is
correlated to the release of some POC or other item of interest, it's
noise.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
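
The post-a-hash-now, release-later scheme described in the message above, as an added example that is not part of the original post. SHA-256 and the random nonce are assumptions (the message names no algorithm); the nonce goes beyond the message and keeps a short, guessable input from being enumerated, which is the password case it mentions.

```python
import hashlib
import hmac
import itertools
import secrets
import string


def commit(poc: bytes) -> tuple:
    """Return (digest to post publicly, nonce kept private until release)."""
    nonce = secrets.token_bytes(32)  # fixed length, so nonce||poc is unambiguous
    return hashlib.sha256(nonce + poc).hexdigest(), nonce


def verify(posted_digest: str, nonce: bytes, poc: bytes) -> bool:
    """Check a released nonce and PoC against the digest posted earlier."""
    actual = hashlib.sha256(nonce + poc).hexdigest()
    return hmac.compare_digest(actual, posted_digest.strip().lower())


def guess_short_input(digest: str, alphabet: str, max_len: int):
    """Enumerate every input up to max_len; only practical for tiny spaces."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars).encode()
            if hashlib.sha256(candidate).hexdigest() == digest:
                return candidate
    return None


if __name__ == "__main__":
    # Constructed sample input standing in for a real PoC file.
    poc = b"constructed sample: PoC text for a hypothetical advisory\n"
    digest, nonce = commit(poc)
    print("post to the list now:", digest)
    print("release later, verifies:", verify(digest, nonce, poc))
    print("edited PoC verifies:", verify(digest, nonce, poc + b"x"))

    # A bare hash of a short lowercase string falls to enumeration ...
    bare = hashlib.sha256(b"abc").hexdigest()
    print("bare short input found:", guess_short_input(bare, string.ascii_lowercase, 3))
    # ... while the same string committed with a nonce does not.
    salted, _ = commit(b"abc")
    print("nonce-protected found:", guess_short_input(salted, string.ascii_lowercase, 3))
```

The proof of date comes from the list archive's timestamp on the posted digest, not from the hash itself; the hash only binds that timestamp to one exact PoC.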


