[ILUG] SSH dictionary attacks.
Proinnsias Breathnach
proinnsias at linux.ie
Tue Aug 29 17:57:34 IST 2006
On Tue, Aug 29, 2006 at 05:53:12PM +0100, Harry Duncan wrote:
> kevin lyda wrote:
> >That's nice. But you're missing the point. What you've described is
> >impossible mathematically.
>
> Quite correct, Kevin. The biggest upset to cryptography has always been
> the emergence of collisions in the hashing algorithms, and they've
> always been quite correctly dismissed as "meaningless", but now that
> schemes exist for the generation of _meaningful_ collisions in both
> MD5 and SHA1, the whole basis for trust, and trust paths / chains is
> out the window.
>
> If it relies on trust / trust chains, it can no longer be done, not
> until the maths world come up with some new scheme.
>
Are there even theoretical collisions that result in both the same MD5
*and* SHA1 hash for the message(s) in question?
If not - surely just a twin-hash approach would solve a multitude of
immediate problems - with today's tools?
P
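
The twin-hash idea raised in the message above, as an added example that is not part of the original post: a verifier that computes MD5 and SHA1 in one pass and accepts a message only when both digests match the published pair. The function names and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024  # read size; keeps memory flat for large files


def twin_digest(stream):
    """Return (md5_hex, sha1_hex) computed in a single pass over a binary stream."""
    md5 = hashlib.md5()
    sha1 = hashlib.sha1()
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        md5.update(chunk)
        sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def verify_twin(stream, expected_md5, expected_sha1):
    """Accept only if BOTH digests match; a match on one hash alone is a failure."""
    got_md5, got_sha1 = twin_digest(stream)
    # compare_digest avoids leaking the position of the first differing character
    md5_ok = hmac.compare_digest(got_md5, expected_md5.strip().lower())
    sha1_ok = hmac.compare_digest(got_sha1, expected_sha1.strip().lower())
    return md5_ok and sha1_ok


if __name__ == "__main__":
    # Constructed sample: the published digest pair for the message b"abc"
    published_md5 = "900150983cd24fb0d6963f7d28e17f72"
    published_sha1 = "a9993e364706816aba3e25717850c26c9cd0d89d"

    genuine = io.BytesIO(b"abc")
    altered = io.BytesIO(b"abd")  # constructed tampered message

    print("genuine:", verify_twin(genuine, published_md5, published_sha1))
    print("altered:", verify_twin(altered, published_md5, published_sha1))

    # A message whose MD5 matches but whose SHA1 does not must still be rejected;
    # simulated here by pairing the right MD5 with a wrong SHA1 value.
    wrong_sha1 = "0" * 40
    print("md5-only:", verify_twin(io.BytesIO(b"abc"), published_md5, wrong_sha1))
```
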