[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] In case y'all didn't catch it yet...



On Thursday 17 February 2005 10:57, Lionel Ferette wrote:

> Granted. But what would those "somebody" find? Maybe it is possible to
> forge a message that would have the same hash as another, given, message.
> What is the probability of such a forged message to make any sense? More,
> to make any sense in an "interesting" way for those "somebody"?
>
> I fully agree that the basis for non-repudiation has been shaken: someone
> may claim that (s)he did not sign a message, since it may be possible to
> forge. But I won't lose sleep because of that.

One possibility is brute forcing password hashes. If one has this hash 
'988881adc9fc3655077dc2d4d757d480b5ea0e11', less time is now needed to brute 
force it and gain access to something.

 - Vincent
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html