Re: Should be in crypto for John E. Hadstate Re: just stupid?
From: Joe Peschel (jpeschel_at_no.spam.org)
Date: Tue, 19 Jul 2005 02:00:11 -0000
Crypto@S.M.S wrote in news:firstname.lastname@example.org:
> Joe Peschel wrote:
>> " \"- Prof. Jonezę\"" <email@example.com> wrote in
>>>Joe Peschel wrote:
>>>>Here's the entire graf:
>>>> Certainly. Assuming a common passphrase length
>>>> of around 20 characters, and assuming it is
>>>> English, this will have 20-30 bits of entropy,
>>>> MD5 will be enough to uniquely identify each
>>>> of these, and MD5 can be effectively reversed
>>>> under these circumstances in under 1 hour.
>>>> This will yield the entire original passphrase,
>>>> leading immediately to a complete compromise.
>>>> So 1 hour.
>>> "This will yield the entire original passphrase,
>>> leading immediately to a complete compromise.
>>> So 1 hour."
>> The quotation says nothing about a personal computer and Joe said
>> nothing there about executing the attack.
> But his other claims to a "break" did. Take a look at
> <d1wue.1408$N22.firstname.lastname@example.org>, wherein
> he stated:
> Because of the smallness of the input there simply aren't enough
> collidable values. My break didn't even actually use the MD5
> attacks, instead it was based on generating and hashing each of the
> 2^47 different possible values until one collides. Considering that
> an up-to-the-minute laptop is clocked just shy of 2^32 ops/sec, and
> that MD5 is only a few clocks to generate a short output, the
> result is that in about 1 hour the collision should be found.
> What's that? "My Break"? "Up-To-The-Minute Laptop"? That says
> something about personal computers and executing the attack.
He's talking about the theoretical or academic break that he had been talk
about since his initial reply. As for the laptop -- he's estimating how
long the attack should take.
You've quoted Joe. Don't pretend now that you don't understand what he was
> Please stop changing your position.
I haven't changed my position.
> Either you can break CryptoSMS
> or you can't Talking about it doesn't count.
Show me where I've said that I could break, or said I was even trying to
break your program.
> And switching horses
> in midstream doesn't make you look too clever either.
I haven't switched horses. I haven't claimed I could or couldn't break your
-- __________________________________________ http://www.impeach-bush-now.org Joe Peschel D.O.E. SysWorks http://members.aol.com/jpeschel/index.htm __________________________________________