
Thread: Irreversible hashing algorithms

  1. #11
    Junior Member
    Join Date
    Dec 2007
    Posts
    12
    Quote Originally Posted by oofki
    I've heard the same thing, ildjarn, but I think that was just a rumor; I don't think it was confirmed. As far as MD5, it is a great algo, but since rainbow tables were introduced it is not as secure. Same with any hash really: rainbow tables can be made which can make the stored password useless if the hash is obtained.

    Edit: I looked into that Chinese thing and I think all they found is a way to produce MD5 collisions, which is not really a big deal; any irreversible algo has collisions AFAIK.
    Any hashing function that returns a fixed-size string will of course have collisions: finite amount of output, infinite amount of input. It is the strength of the function that will make it difficult to find these collisions and limit their number the best it can; however, when you can start to predict these collisions it is safe to say the hash has been broken. Go look at Linux distro download sites: what do they use to validate a valid ISO? MD5. Now that we can predict collisions we can theoretically create two ISOs with the same hash but very different data, let's say a logging method attached to the PAM modules? It is also not just ISOs; many applications use MD5 to ensure the validity of their binaries, and what of Tripwire, can we trust it anymore? While I'm sure a preimage attack is a long way off, as I said in my previous post, seeing a Cell processor churn out 1.8 billion hashes a second, MD5 is as good as broken (well, in mine and many other security experts' eyes).
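The point about validating ISOs and binaries with MD5 can be made concrete. The following Python is an added example, not code from anyone in this thread: it checks a downloaded file against a published digest, parses a sha256sum-style sums file, and refuses to accept a match under MD5 or SHA-1 (the algorithms the post treats as collision-broken) unless the caller explicitly opts in. The names `file_digest`, `verify_download`, `parse_sums_file` and `write_temp`, and the sample inputs, are constructed for illustration; only the Python standard library is used.

```python
"""Verifying a downloaded file against a published digest without trusting a
collision-broken algorithm.

Added example, not code from the thread's participants. Standard library only.
`file_digest`, `verify_download`, `parse_sums_file`, `write_temp` and the
sample inputs are constructed for illustration.
"""
import hashlib
import hmac
import os
import tempfile
from typing import Dict, Tuple

# Algorithms the post treats as broken for collision resistance. A match under
# one of these only shows the file equals *some* file with that digest, and the
# post's point is that an attacker can now make two such files.
COLLISION_BROKEN = {"md5", "sha1"}
CHUNK = 1 << 16


def file_digest(path: str, algorithm: str = "sha256") -> str:
    """Stream the file through the digest so ISO-sized inputs fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, expected_hex: str, algorithm: str = "sha256",
                    allow_weak: bool = False) -> Tuple[bool, str]:
    """Return (ok, reason). Refuses to treat a match under a collision-broken
    algorithm as evidence of integrity unless the caller opts in."""
    algorithm = algorithm.lower()
    if algorithm in COLLISION_BROKEN and not allow_weak:
        return False, f"{algorithm} is collision-broken; check a sha256 sum instead"
    actual = file_digest(path, algorithm)
    # Constant-time comparison; the digest is not secret here, but the habit is cheap.
    if hmac.compare_digest(actual, expected_hex.lower()):
        return True, f"{algorithm} matches"
    return False, f"{algorithm} mismatch: expected {expected_hex.lower()}, got {actual}"


def parse_sums_file(text: str) -> Dict[str, str]:
    """Parse GNU sha256sum/md5sum output: '<hex>  <name>' or '<hex> *<name>'."""
    sums: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip()
        if name.startswith("*"):  # binary-mode marker
            name = name[1:]
        sums[name] = digest.lower()
    return sums


def write_temp(data: bytes) -> str:
    """Write constructed sample bytes to a temp file and return its path."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    # Constructed sample: a "download" and the sums file that would accompany it.
    iso = write_temp(b"not really an iso\n")
    sums = parse_sums_file(f"{file_digest(iso)}  sample.iso\n")
    print(verify_download(iso, sums["sample.iso"]))
    print(verify_download(iso, file_digest(iso, "md5"), algorithm="md5"))
    print(verify_download(iso, file_digest(iso, "md5"), algorithm="md5", allow_weak=True))
    os.remove(iso)
```

The `allow_weak` switch exists so that a legacy MD5 sum can still be compared as a corruption check (a bit-flip in transit), while the default makes it impossible to mistake such a match for protection against a deliberately crafted substitute.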

  2. #12
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    Good contribution, ildjarn. I haven't seen before that you mentioned
    preimage attacks, but excellent that you did so now! Salting is a simple
    and effective method to render rainbow tables useless. Rainbow tables
    have no style anyway (except the storage method!)


    Quite a while ago, we did discuss the compromise of MD5[1,2] and
    SHA-1[3,4,5] on this site. There are references to the original articles,
    and to papers of some PoC-like studies. It is all dated, of course.

    I have to admit that I have not looked into it for a year, but:
    although the research papers are genuine and should be taken
    seriously, nothing spectacular has happened in the last 3 years (well, we
    may ask the Chinese or American government) as far as I know.
    I am happy to be corrected.

    Cheers

    P.s. As a side note: the references to AntiOnline articles in the
    posts below are not usable anymore (since Jupitermedia changed
    the 'layout' of this site a while ago).

    [1] http://antionline.com/showthread.php?t=269146
    [2] http://antionline.com/showthread.php?t=261884
    [3] http://antionline.com/showthread.php?t=263481
    [4] http://antionline.com/showthread.php?t=267248
    [5] http://antionline.com/showthread.php?t=273285




    Cheers
    Last edited by sec_ware; December 2nd, 2007 at 11:34 AM.
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  3. #13
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Quote Originally Posted by sec_ware
    P.s. As a side note: the references to AntiOnline articles in the
    posts below are not usable anymore (since Jupitermedia changed
    the 'layout' of this site a while ago).
    Old cross-references don't work, external links have vanished and attachments disappeared. Also, polls don't attach to their original threads.

    This was a problem of updating to a newer version of vBulletin from a very old bastardised version. The natural progression of updates had been broken and the new version uses a different indexing system.

    It has absolutely nothing to do with the layout, just the underlying software.


  4. #14
    Junior Member
    Join Date
    Dec 2007
    Posts
    12
    Quote Originally Posted by sec_ware
    Hi

    Good contribution, ildjarn. I haven't seen before that you mentioned
    preimage attacks, but excellent that you did so now! Salting is a simple
    and effective method to render rainbow tables useless. Rainbow tables
    have no style anyway (except the storage method!)
    Eh, some friends of mine put a lot of effort into writing a super fast rainbow table; some of the code in there was pretty fancy, massive list of hashes and amazing return speeds, but that's neither here nor there.
    As you and I both mentioned before, salting helps greatly, especially if you use per-user salts rather than program/site-wide salts, but still not 100%.

    Quote Originally Posted by sec_ware
    Quite a while ago, we did discuss the compromise of MD5[1,2] and
    SHA-1[3,4,5] on this site. There are references to the original articles,
    and to papers of some PoC-like studies. It is all dated, of course.

    I have to admit that I have not looked into it for a year, but:
    although the research papers are genuine and should be taken
    seriously, nothing spectacular has happened in the last 3 years (well, we
    may ask the Chinese or American government) as far as I know.
    I am happy to be corrected.

    Cheers

    P.s. As a side note: the references to AntiOnline articles in the
    posts below are not usable anymore (since Jupitermedia changed
    the 'layout' of this site a while ago).

    [1] http://antionline.com/showthread.php?t=269146
    [2] http://antionline.com/showthread.php?t=261884
    [3] http://antionline.com/showthread.php?t=263481
    [4] http://antionline.com/showthread.php?t=267248
    [5] http://antionline.com/showthread.php?t=273285




    Cheers
    Heh, was going to link you to an article on SHA-1, and when I opened my browser to grab the URL I noticed this on the Slashdot RSS, which is an article on what I was talking about before, using a new method that the same group researched on the original prof. collision research.

    http://www.win.tue.nl/hashclash/SoftIntCodeSign/

    That article links to another article on SHA-1 that is an interesting read. Eh, with the decreasing costs of both processing power and storage, I honestly can't see why we can't step up to something like SHA-256 (I know the US government requires it for some applications dealing with sensitive data); Microsoft is also pushing it for its use.

    http://www.eweek.com/article2/0,1759,1859751,00.asp

    Preimage attack on any of the above-mentioned hashes aside: for digital signatures of binaries, with the ability to generate collisions for MD5, and with enough time (the amount of time is dropping) the same for SHA-1, the nails are fairly securely in the coffin for these hashes.
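The salting point from the two posts above (per-user salts rather than a site-wide salt, and why that defeats a precomputed table) is easiest to see in code. This Python is an added example, not code from anyone in this thread, and only uses the standard library. It stores each password with a random per-user salt and also runs it through a slow KDF (PBKDF2-HMAC-SHA256), which goes beyond the plain salting the posts discuss; `store_password`, `verify_password`, `precomputed_table_hits`, the iteration count and the sample user records are constructed for illustration.

```python
"""Per-user salted password storage versus an unsalted digest.

Added example, not code from the thread's participants. Standard library only.
`store_password`, `verify_password`, `precomputed_table_hits` and the sample
user records are constructed for illustration.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Work factor for PBKDF2-HMAC-SHA256 (a slow KDF, which goes beyond the plain
# salting the thread discusses). Constructed value: tune it so one verification
# costs a noticeable fraction of a second on the server hardware.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16


def unsalted_md5(password: str) -> str:
    """The scheme a precomputed table targets: same password, same digest everywhere."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def store_password(password: str, salt: Optional[bytes] = None,
                   iterations: int = PBKDF2_ITERATIONS) -> str:
    """Per-user random salt plus slow KDF, stored as one self-describing string.

    Format: pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>
    The salt is not secret; it only has to differ per user so that a table
    built for one salt is useless against every other account.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def precomputed_table_hits(records: List[Tuple[str, str]],
                           table: Dict[str, str]) -> List[str]:
    """Simulate a lookup against a precomputed digest table (what a rainbow
    table stores compactly): which users' stored values appear in it?"""
    return [user for user, stored in records if stored in table]


if __name__ == "__main__":
    # Constructed sample data: two users who happen to share a password.
    users = [("alice", "hunter2"), ("bob", "hunter2"), ("carol", "correct horse")]
    # Constructed three-entry table of unsalted MD5 digests of common passwords.
    table = {unsalted_md5(p): p for p in ["hunter2", "password", "letmein"]}

    unsalted = [(u, unsalted_md5(p)) for u, p in users]
    print("unsalted md5 hits:", precomputed_table_hits(unsalted, table))

    salted = [(u, store_password(p)) for u, p in users]
    print("per-user salted hits:", precomputed_table_hits(salted, table))
    print("alice and bob differ despite same password:", salted[0][1] != salted[1][1])
    print("verify alice:", verify_password("hunter2", salted[0][1]))
```

With the unsalted scheme, alice and bob share a digest and both show up in the table; with per-user salts their stored values differ from each other and from anything precomputed, which is the "still not 100%" in the post: the attacker is pushed back to guessing against one account at a time, and the KDF's iteration count sets how expensive each guess is.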

  5. #15
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    If the Cell CPUs on a PS3 can put out 1.8 billion hashes a second, how is that relative to, say, a 3 GHz dual-core?
