Re: CryptoCritic Blowhards Dumber than a Dopey Housewife ? -- un-hashing to reveal pass phrase [was: crypto sms]

From: \ (jonez_at_norcom.ca)
Date: 06/23/05


Date: Thu, 23 Jun 2005 11:25:04 -0600

Joseph Ashwood wrote:
> <Crypto@S.M.S> wrote in message
> news:11bkrbplrl0bp89@news.supernews.com...
> > Thanks to all in Sci.Crypt for pointing fingers at
> > this relatively new work (to me at least) on attacking
> > hash functions:
> >
> > http://cryptography.hyperlink.cz/md5/Vlastimil_Klima_MD5_collisions.pdf
> > http://www.infosec.sdu.edu.cn/paper/md5-attack.pdf
> > http://www.infosec.sdu.edu.cn/paper/md4-ripemd-attck.pdf
> >
> > These papers bring up more questions than they answer,
> > with regard to breaking hashes to reveal pass phrases.
> >
> > In all of these papers, the "attack" is to compute a
> > colliding hash value. That is all well and good, but
> > how does being able to compute two collisions allow
> > you to "back-compute" from a hash value to the
> > text that produced it?
>
> That is fairly straightforward, because the approximate length is
> known and the entropic quantity is known this limits the number of
> possible passphrases to just 1 in this case (unless the passphrase has
> > 1000-whatever it was bits). By focusing only on the extremely
> limited MD5 which can hold more entropy than is in the passphrase the
> entire list can be narrowed to generally 1. This 1 collision is then
> the correct passphrase.
> The times given in those are old, in fact I don't think the latest
> papers have been officially published, but they show collisions in MD5
> in 15 minutes. Because there is only one colliding value, the result
> is the original passphrase.
>
> Because of the smallness of the input there simply aren't enough
> collidable values. My break didn't even actually use the MD5 attacks,
> instead it was based on generating and hashing each of the 2^47
> different possible values until one collides. Considering that an
> up-to-the-minute laptop is clocked just shy of 2^32 ops/sec, and that
> MD5 is only a few clocks to generate a short output, the result is
> that in about 1 hour the collision should be found.

So put up or shut up, asshat --

It's been over 195 hours ...

      Newsgroups: misc.legal, sci.crypt, talk.politics.crypto, us.legal
      From: poster <pos...@use.net>
      Date: Tue, 14 Jun 2005 15:02:49 +1000
      Local: Tues,Jun 14 2005 1:02 am
      Subject: Re: crypto for Joseph Ashwood?

      Since I'm a CryptoSMS user, I am very curious just how clever
      Mr Ashwood is. Attached below are three CryptoSMS messages, all
      of which are encrypted with the same passphrase and all of which
      contain the same clear text. Mr Ashwood, would you please crack
      these and post the contents for all to see? It should be easy
      since you have 3 individual messages which are all internally
      identical. Good luck.

      ??31m3dH-zpJ2ta8zI07sFm5o-UX5w­rMwKtUOGffGoqz98P7RrUE0bNu4Yu0­Sue-ZdUaNXK000??

      ??31SdibaVtKZ=50U74hLnQYg558NM­=dopXVivzD5LOu1XQFqYIC1IK-6O1G­7LQaRBbL41G000??

      ??31jKvmpN7DsULlMlD9ojQbe17m3R­8eA8FL51HM1vln=zB3GkwtRBjcp3wS­-2wRmcatMXK000??

<cue crickets chirping while the self-appointed cryptocritics FAIL to crack
such a defective and simplistic encryption>

> JoeBloe
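
The distinction the quoted exchange turns on, as an added example that is not part of any poster's message: a collision search yields two arbitrary inputs the searcher did not choose, while recovering a passphrase from its hash is an exhaustive search over the candidate space, feasible only when that space is small. The 24-bit truncated digest, the 4-letter lowercase passphrase space and the value `wxyz` are constructed for the demo and are far smaller than the 2^47 space mentioned in the thread; the collision search here is a generic birthday search, not the differential attack from the linked papers.

```python
import hashlib
from itertools import product

def md5_trunc(data: bytes, nbytes: int) -> bytes:
    """First nbytes of MD5(data); truncation keeps the demo fast."""
    return hashlib.md5(data).digest()[:nbytes]

def birthday_collision(nbytes: int):
    """Find any two distinct inputs with the same truncated digest.
    Expected work is about 2^(bits/2) hashes, and neither input is
    chosen in advance, so this says nothing about a given passphrase."""
    seen = {}
    counter = 0
    while True:
        msg = b"msg-%d" % counter
        tag = md5_trunc(msg, nbytes)
        if tag in seen:
            return seen[tag], msg, counter + 1
        seen[tag] = msg
        counter += 1

def exhaustive_search(target: bytes, alphabet: str, length: int):
    """Hash every candidate in a small, known passphrase space and
    return all candidates whose full 128-bit MD5 equals target."""
    matches = []
    tried = 0
    for chars in product(alphabet, repeat=length):
        cand = "".join(chars).encode()
        tried += 1
        if hashlib.md5(cand).digest() == target:
            matches.append(cand)
    return matches, tried

# Constructed sample: 4 lowercase letters, 26^4 = 456976 candidates (about 2^18.8).
SECRET = b"wxyz"
TARGET = hashlib.md5(SECRET).digest()

if __name__ == "__main__":
    a, b, n = birthday_collision(3)  # 24-bit digest, roughly 2^12 hashes expected
    print("collision after", n, "hashes:", a, b)
    found, tried = exhaustive_search(TARGET, "abcdefghijklmnopqrstuvwxyz", 4)
    print("exhaustive search tried", tried, "candidates ->", found)
```

Because the candidate space is vastly smaller than the 2^128 digest space, the exhaustive search returns a single match; the cost scales linearly with the number of candidates, which is why passphrase entropy, not the collision results, decides feasibility.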


