[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] In case y'all didn't catch it yet...

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] In case y'all didn't catch it yet...
From: Vincent van Scherpenseel <mailinglists@xxxxxxxxxxxxxxxxxx>
Date: Thu, 17 Feb 2005 11:50:33 +0100

On Thursday 17 February 2005 10:57, Lionel Ferette wrote:

> Granted. But what would those "somebody" find? Maybe it is possible to
> forge a message that would have the same hash as another, given, message.
> What is the probability of such a forged message to make any sense? More,
> to make any sense in an "interesting" way for those "somebody"?
>
> I fully agree that the basis for non-repudiation has been shaken: someone
> may claim that (s)he did not sign a message, since it may be possible to
> forge. But I won't lose sleep because of that.

One possibility is brute forcing password hashes. If one has this hash 
'988881adc9fc3655077dc2d4d757d480b5ea0e11', less time is now needed to brute 
force it and gain access to something.

 - Vincent
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] In case y'all didn't catch it yet...
  - From: Martin Eian

References:
- Re: [Full-Disclosure] In case y'all didn't catch it yet...
  - From: Bart . Lansing
- Re: [Full-Disclosure] In case y'all didn't catch it yet...
  - From: Valdis . Kletnieks
- Re: [Full-Disclosure] In case y'all didn't catch it yet...
  - From: Lionel Ferette

Prev by Date: [Full-Disclosure] Yahoo Problems?
Next by Date: [Full-Disclosure] [USN-78-2] Fixed mailman packages for USN-78-1
Previous by thread: Re: [Full-Disclosure] In case y'all didn't catch it yet...
Next by thread: Re: [Full-Disclosure] In case y'all didn't catch it yet...
Index(es):
- Date
- Thread