Re: Now that SHA-1 is cracked...

From: Matt Gibson (mattg_at_blueedgetech.ca)
Date: 02/22/05


Date: Mon, 21 Feb 2005 22:16:04 -0800

Sorry Galen!

After reading through the thread with a little more care, I noticed your
post farther down explaining all that!

Many thanks for the words of praise...hopefully I'll live up to your
expectations ;)

It'll be interesting to see what the paper actually has to offer. I have a
feeling we'll see a lot of hasty retractions after it comes out.

If anyone's at all worried about the recent problems with MD5, SHA-0 and (it
would seem) SHA-1, all they need to do is use more than one hashing
function. I'd like to see someone come up with a collision in more than one
(non-related) hash algo at once.

Matt Gibson - GSEC

"Galen" <galennews@gmail.com> wrote in message
news:%23XtOLwJGFHA.3732@tk2msftngp13.phx.gbl...
> In news:eO5MzTJGFHA.3492@TK2MSFTNGP12.phx.gbl,
> Matt Gibson <mattg@blueedgetech.ca> had this to say:
>
>> There are a few things that should be said on all these "SHA-1 is
>> cracked" sites that rarely are.
>
> Having read (indeed you're flagged an ugly magenta color by default with
> OE -- sorry about that but I was running out of choices) a number of your
> posts in the past I've found that I have never been able to find one flaw in
> a single post you've sent unless it was a typo and in that case I probably
> didn't even notice that. I have even read your papers about securing SMS
> 2000, I thought that it was well written and informative by the way. My
> statement, just so you're aware, was just to show why the OP might have
> thought that this was "reliable information." People, I think this is more
> true of Western culture, tend to believe the news which, more often than
> not, is biased in an effort to get a reaction, more readers/watchers, and
> greater status.
>
> What's more, in these "news sites," they should mention the vast amount of
> computing power and time that it would take to accomplish this task even if
> it's true. I use in this message the term "news" lightly and I hope that
> you'll allow me to do so as I don't tend to think of blogs as a reliable
> news medium nor do I follow much in the way of corporate sponsored news.
>
> Mayhaps I should have put a "*chuckle*" behind the post about the OP reading
> the news so that you were aware that I was agreeing with you and not
> claiming the news was valid. Alas, I did not. I place these types of posts on
> par with the people who post "I heard that MSN was going to shut down MSN
> Messenger tomorrow at 9:00 AM if I didn't post this message to 100 people.
> Is this true?" (Usually posted in all caps with a vague topic and a real
> email address. Not to worry, they'll be back in three days asking about a
> virus and in ten asking about all the spam they're receiving.)
>
> Anyhow, there's no hope in changing the media and even smaller hope in
> halting the number of questions which we'll receive about vague forms of
> possible security threats. The best thing I can think of to tell people is
> that the lines drawn for security are based on the person themselves and
> what they want to get from the internet. If it's so valuable to them that
> they're truly willing to risk the danger then it's something they should
> do -- provided they've made an informed choice and are aware of the risks
> before making the decision.
>
> Galen
> --
>
> "My mind rebels at stagnation. Give me problems, give me work, give me
> the most abstruse cryptogram or the most intricate analysis, and I am
> in my own proper atmosphere. I can dispense then with artificial
> stimulants. But I abhor the dull routine of existence. I crave for
> mental exaltation." -- Sherlock Holmes
>
>
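
The suggestion in the post above, checking data against more than one hash function at once, as an added example that is not part of the original thread: a single-pass verifier that accepts data only when every recorded digest matches. The algorithm set, function names and sample data are assumptions of this example, and the "forged" manifest entry only stands in for a collision in one algorithm.

```python
import hashlib
import hmac
import io

# Assumption: this algorithm set is the example's choice, not the post's.
ALGORITHMS = ("md5", "sha1", "sha256")


def multi_digest(stream, algorithms=ALGORITHMS, chunk_size=65536):
    """Read the stream once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify(stream, expected):
    """Return (ok, mismatched); ok is True only if every digest matches."""
    if not expected:
        raise ValueError("no reference digests supplied")
    actual = multi_digest(stream, tuple(expected))
    mismatched = sorted(
        name for name, want in expected.items()
        if not hmac.compare_digest(actual[name], want.lower())
    )
    return (not mismatched, mismatched)


# Constructed sample data, not taken from the thread.
ORIGINAL = b"release-1.0 contents (constructed sample)\n"
TAMPERED = b"release-1.0 contents (constructed sample, modified)\n"
REFERENCE = multi_digest(io.BytesIO(ORIGINAL))


def demo():
    good = verify(io.BytesIO(ORIGINAL), REFERENCE)
    bad = verify(io.BytesIO(TAMPERED), REFERENCE)
    # Stand-in for a collision in one algorithm: the reference MD5 is set
    # to the tampered data's MD5, so an MD5-only check would accept it.
    forged = dict(REFERENCE, md5=hashlib.md5(TAMPERED).hexdigest())
    partial = verify(io.BytesIO(TAMPERED), forged)
    return good, bad, partial


if __name__ == "__main__":
    print(demo())
```
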


