[Sussex] Q & A session from last nights presentation

Andrew Guard andrew at andrewguard.com
Fri Jun 30 09:00:22 UTC 2006


Colin Tuckley wrote:
> At my presentation last night Steve talked a bit about altering the text of
> a signed message in such a way that the digest (and hence the signature) are
> still valid.
> 
> I've done a bit more research this morning and have found the following:
> 
> 1) The older message digest (hash) functions are indeed vulnerable. They are
> no longer used because of this. The newer SHA-2 digest has so far proved to
> be secure.
> 
> 2) The amount of computer resources required to generate a 'collision' even
> in the older SHA-1 algorithm is very large (we are talking 2^69 operations
> here). An example attack against the even more simple SHA-0 algorithm was
> attempted. Finding the collision had complexity 2^51 and took about 80,000
> CPU hours on a supercomputer with 256 Itanium 2 processors. So hardly practical!
> 
> So in theory Steve is correct, however in practice even governments have
> trouble cracking the old algorithms and have not yet been able to crack the
> newer ones.
> 

It is very well known to have been exploited with MD5, but SHA-2 can also in theory be 
cracked.  For people who don't know, SHA uses encryption to make it 
harder to do this form of attack.

What I was saying last night was this:

Example Text "ABC"

You hash that "ABC", which gives a hash of, say, 543. So it says
"ABC
543"

Then you take that
"ABC
543" and create a hash for that data, which, say, comes back as 325, so it says

"ABC
543
325"

That is too complex to be cracked, as it has been double hashed.


http://en.wikipedia.org/wiki/SHA1
http://en.wikipedia.org/wiki/MD5
-- 

C.R.A.P. formally know as DRM
Cancellation, Restriction, and Punishment
http://www.p2pnet.net/story/8080

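An added illustration (not part of the original exchange): the chained "hash, append the hash, hash again" construction described above, run on a toy 16-bit Merkle-Damgård hash so that a collision in the underlying hash can be found by brute force. MD5, SHA-1 and the SHA-2 family all use this same block-chaining structure, so two equal-length messages that collide in the first hash also collide after the digest is appended and the data is hashed again. The toy hash, its block size, IV and constants are all constructed for the demonstration.

```python
import random
import struct

BLOCK = 4          # toy block size in bytes (constructed; real hashes use 64 or 128)
MASK = 0xFFFF      # toy 16-bit chaining state, deliberately tiny so collisions are cheap
IV = 0x1234        # toy initial value (constructed)

def compress(state: int, block: bytes) -> int:
    """Toy compression function: mixes one 4-byte block into the 16-bit state."""
    w = struct.unpack(">I", block)[0]
    state = (state ^ (w & MASK) ^ (w >> 16)) & MASK
    state = (state * 0x9E37 + 0x6A09) & MASK
    return (state ^ (state >> 7)) & MASK

def toy_md(msg: bytes) -> int:
    """Merkle-Damgard hash: pad with 0x80, zeros and a 4-byte length, then chain."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((-len(padded) - 4) % BLOCK)
    padded += struct.pack(">I", len(msg))
    state = IV
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return state

def chained_digest(msg: bytes) -> tuple:
    """The construction from the post: h1 = H(msg), h2 = H(msg + newline + h1)."""
    h1 = toy_md(msg)
    h2 = toy_md(msg + b"\n" + str(h1).encode())
    return h1, h2

def find_collision(seed: int = 1) -> tuple:
    """Birthday search over random one-block messages until two reach the same
    chaining state after their first block (which forces an equal final digest,
    since the identical padding blocks are processed from an identical state)."""
    rng = random.Random(seed)
    seen = {}
    while True:
        m = bytes(rng.getrandbits(8) for _ in range(BLOCK))
        s = compress(IV, m)
        if s in seen and seen[s] != m:
            return seen[s], m
        seen[s] = m

if __name__ == "__main__":
    m1, m2 = find_collision()
    print(m1.hex(), m2.hex(), toy_md(m1), toy_md(m2))
    # The second-round digests are equal too: the collision carries through.
    print(chained_digest(m1), chained_digest(m2))
```

With a real 160- or 256-bit state the search step is what costs 2^69 (or far more) operations, but the carry-through property of the chaining is the same.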