Re: Determining the encryption used
- From: Phoebe Tunstall <foibey@xxxxxxxxx>
- Date: Fri, 12 May 2006 20:42:44 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 12 May 2006 12:48:48 -0400
Tim <tim-pentest@xxxxxxxxxxxxxxxxxxx> wrote:
For the purpose of a one-way function, neither MD5 nor SHA1 has been
broken. AFAIK, they are only vulnerable to collision attacks, not first
preimage or second preimage attacks, which rely on different properties.
Using these functions for specific purposes (such as hashing passwords)
is perfectly fine right now.
I'm don't know a lot about these matters, but I was under the impression that if a password verification system is checking passwords against a hash table, all you needed was a collision (as this would hash to the correct value in the table and the comparison of the two would return true).
Is this really naive?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEZOU81vzgRTK71/IRAjBYAKDLJYVcBoZCQy3WR911TIlg5zcbgwCfRYen
W8wCDNBBA9HENfLAD/WOMPo=
=gjuD
-----END PGP SIGNATURE-----
- Follow-Ups:
- Re: Determining the encryption used
- From: Tim
- Re: Determining the encryption used
- From: Peter Kosinar
- Re: Determining the encryption used
- References:
- Determining the encryption used
- From: John Madden
- Re: Determining the encryption used
- From: Tonnerre Lombard
- Re: Determining the encryption used
- From: Tim
- Determining the encryption used
- Prev by Date: Fwd: Nmap/Mysql
- Next by Date: RFID's
- Previous by thread: Re: Determining the encryption used
- Next by thread: Re: Determining the encryption used
- Index(es):
