Second Life Forums Archive - md5 broken, sha1 please?

Francis Chung

This sentence no verb.

Join date: 22 Sep 2003

Posts: 918

09-25-2004 13:02

So, now that we know llMd5Sum can be cracked, can we can llSha1Hash?

In case you missed the hooplah:

http://eprint.iacr.org/2004/199.pdf

_____________________

--
~If you lived here, you would be home by now~

Hank Ramos

Lifetime Scripter

Join date: 15 Nov 2003

Posts: 2,328

09-30-2004 07:29

Seconded.

Jack Digeridoo

machinimaniac

Join date: 29 Jul 2003

Posts: 1,170

09-30-2004 07:30

Is that public key? I need public key!! Ciphers won't protect me!!

_____________________

If you'll excuse me, it's, it's time to make the world safe for democracy.

Hank Ramos

Lifetime Scripter

Join date: 15 Nov 2003

Posts: 2,328

09-30-2004 07:32

I second public key encryption too!

Essence Lumin

.

Join date: 24 Oct 2003

Posts: 806

09-30-2004 09:07

As I understand it, if I make a md5 signature it still can't be cracked. What can be done now that couldn't be done before is an individual can create two different texts that come out to the same md5 sum. This could be a bad thing if some evil person, signed a note they made themselves promising to pay you L1000000, and then changed the note to say L1 with the same checksum. They can't do that either now I don't think because the two texts have to be very carefully crafted to get the same md5 sum and one of two undoubtedly looks like binary gibberish.

Also, md5 and sha-1 aren't about public key, they are a way of signing data.

Strife Onizuka

Moonchild

Join date: 3 Mar 2004

Posts: 5,887

09-30-2004 21:53

*cough*

In depth coverage of the issue of Hash's.
http://www.unixwiz.net/techtips/iguide-crypto-hashes.html

It's suggested that collisions exist in SHA as well.

useful links:
Quick Lookup Table For Broken Hash's
SHA Collisions

IMHO you shouldn't expect hash signatures to be secure... you're describing a larger set of data in a lesser set. If you aren't transferring arbitrary data you would need very cleverly crafted sets of messages to have them pass examination.

_____________________

Truth is a river that is always splitting up into arms that reunite. Islanded between the arms, the inhabitants argue for a lifetime as to which is the main river.
- Cyril Connolly

Without the political will to find common ground, the continual friction of tactic and counter tactic, only creates suspicion and hatred and vengeance, and perpetuates the cycle of violence.
- James Nachtwey

md5 broken, sha1 please?
Francis Chung This sentence no verb. Join date: 22 Sep 2003 Posts: 918	09-25-2004 13:02 So, now that we know llMd5Sum can be cracked, can we can llSha1Hash? In case you missed the hooplah: http://eprint.iacr.org/2004/199.pdf _____________________ -- ~If you lived here, you would be home by now~
Hank Ramos Lifetime Scripter Join date: 15 Nov 2003 Posts: 2,328	09-30-2004 07:29 Seconded.
Jack Digeridoo machinimaniac Join date: 29 Jul 2003 Posts: 1,170	09-30-2004 07:30 Is that public key? I need public key!! Ciphers won't protect me!! _____________________ If you'll excuse me, it's, it's time to make the world safe for democracy.
Hank Ramos Lifetime Scripter Join date: 15 Nov 2003 Posts: 2,328	09-30-2004 07:32 I second public key encryption too!
Essence Lumin . Join date: 24 Oct 2003 Posts: 806	09-30-2004 09:07 As I understand it, if I make a md5 signature it still can't be cracked. What can be done now that couldn't be done before is an individual can create two different texts that come out to the same md5 sum. This could be a bad thing if some evil person, signed a note they made themselves promising to pay you L1000000, and then changed the note to say L1 with the same checksum. They can't do that either now I don't think because the two texts have to be very carefully crafted to get the same md5 sum and one of two undoubtedly looks like binary gibberish. Also, md5 and sha-1 aren't about public key, they are a way of signing data.
Strife Onizuka Moonchild Join date: 3 Mar 2004 Posts: 5,887	09-30-2004 21:53 cough In depth coverage of the issue of Hash's. http://www.unixwiz.net/techtips/iguide-crypto-hashes.html It's suggested that collisions exist in SHA as well. useful links: Quick Lookup Table For Broken Hash's SHA Collisions IMHO you shouldn't expect hash signatures to be secure... you're describing a larger set of data in a lesser set. If you aren't transferring arbitrary data you would need very cleverly crafted sets of messages to have them pass examination. _____________________ Truth is a river that is always splitting up into arms that reunite. Islanded between the arms, the inhabitants argue for a lifetime as to which is the main river. - Cyril Connolly Without the political will to find common ground, the continual friction of tactic and counter tactic, only creates suspicion and hatred and vengeance, and perpetuates the cycle of violence. - James Nachtwey

Welcome to the Second Life Forums Archive

md5 broken, sha1 please?