SHA-1 collisions now 2^52

begood · May 29, 2010

In November 2008, Stéphane Manuel published a new disturbance

vector for SHA-1 with complexity 2^57. He provided no differential path

through the first 20 steps.

Using Joux and Peyrin’s boomerang attack with n auxiliary

differentials, the complexity can be reduced to 2(57?n).

Our goal is to find a non-linear main differential path through the

first 20 steps where a maximum number of auxiliary differentials can

be applied.

Achieved: A differential path with 5 independent auxiliary paths -

complexity 2^52.

http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf

Edited May 29, 2010 by begood

begood · June 1, 2010

da, doi ratati ce folosesc aceeasi parola.

probabil in genul 123456 sau iloveyourmata

begood · June 1, 2010

Nu ai inteles, hasul e generat din stringul USER:PAROLA, degeaba au aceeasi parola (ceea ce nu e cazul aici) => stringuri diferite => hashuri identice => SHA1 collision

vreau parolele roaga-i sa ti le trimita, e interesanta chestia !

don't worry i don't give a fuck about their accounts.

begood · June 1, 2010

eu nu cred ca ai doua coliziuni

ia mai verifica tu algoritmul tau, ma prea indoiesc ca e sha1(username : password)

gandeste-te. sansele sa se intample asta sunt 1 la 2^53

1 : 9007199254740992

mai degraba e sha1 (password) sau mysql5(password).

verifica facand un cont nou cu parola "aaaaa", vezi hashul din baza de date si compara-l cu datele generate aici. asa poti fi sigur de algoritmul folosit.

Edited June 1, 2010 by begood

begood · June 2, 2010

frate, nu te tratez nicicum, vreau doar username-ul si parola de la cei doi, ii poti ruga frumos sa ti-o dea si sa-si schimbe parola apoi.

E foarte interesanta chestia descoperita !

//am tendinta sa explic cat mai detaliat. asta nu inseamna ca te subestimez, e din obisnuinta.

Edited June 2, 2010 by begood

Sign In

SHA-1 collisions now 2^52

Recommended Posts

begood

begood

begood

begood

begood

Join the conversation

Browse

Activity

Pages