Remember, this SHA1 attack is *not* the attack that broke MD5 TLS certs and gave us Flame. *This* attack on MD5 you can run on a smartphone.
This SHA1 attack does NOT allow you to collide an innocent-looking file with a malicious file. You need TWO blatantly malicious files.
... of course, if nobody's looking at the hex dump, one of those files might not look malicious when you open it. Hence the PDF trick.
Similarly, you could make two colliding binaries and have them behave differently, but the "evil" code would have to exist in both.
This is the last nail in the "but it isn't broken yet" excuse to keep using SHA-1, so if you haven't *started* migrating yet, start *now*.
Hash attacks 101: preimage=any clean file; chosen prefix=64b of junk in otherwise clean known file; same prefix=both files evil.
preimage=we're screwed (not even MD*2* is preimage-broken); chosen prefix=Flame, git totally broken; same prefix=git safe-ish for code.
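An added illustration, not part of the thread and not marcan42's code: a toy Merkle-Damgård hash whose compression function is truncated SHA-256 over a 20-bit chaining state (both are assumptions chosen so that collisions can be brute-forced in well under a second). It shows the three structural points made above: an identical-prefix collision leaves both files carrying the colliding junk block plus the same tail, so a file that "behaves differently" must carry both payloads; a chosen-prefix collision lets two different, attacker-chosen files be made to collide by appending one junk block to each; and, because of the chaining structure, any common suffix appended to a colliding pair keeps them colliding. One caveat the toy cannot reproduce: here both searches cost the same birthday bound, whereas for SHA-1 and MD5 a chosen-prefix collision is far more expensive than an identical-prefix one, which is exactly why the thread treats the two cases differently.

```python
"""Toy Merkle-Damgard hash illustrating same-prefix vs chosen-prefix
collisions. Added example, not from the thread. The compression function
(truncated SHA-256), BLOCK, STATE_BITS and IV are all assumptions chosen
so a birthday search finishes instantly; a real attack exploits structure
in the compression function instead of brute force."""
import hashlib

BLOCK = 4            # bytes per message block (toy size)
STATE_BITS = 20      # chaining-state width; birthday bound is ~2^10 tries
IV = 0x12345         # arbitrary fixed initial value


def compress(state: int, block: bytes) -> int:
    """Toy compression function: hash state||block, truncate to STATE_BITS."""
    assert len(block) == BLOCK
    digest = hashlib.sha256(state.to_bytes(4, "big") + block).digest()
    return int.from_bytes(digest[:4], "big") & ((1 << STATE_BITS) - 1)


def absorb(state: int, data: bytes) -> int:
    """Chain whole blocks through compress() with no padding (Merkle-Damgard)."""
    assert len(data) % BLOCK == 0, "prefixes must be block-aligned in this toy"
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state


def pad(msg: bytes) -> bytes:
    """MD-style padding: 0x80, zeros to a block boundary, then the length."""
    data = msg + b"\x80"
    data += b"\x00" * (-len(data) % BLOCK)
    return data + len(msg).to_bytes(BLOCK, "big")


def toy_hash(msg: bytes) -> int:
    return absorb(IV, pad(msg))


def same_prefix_collision(prefix: bytes):
    """Find X != Y with compress(s, X) == compress(s, Y), s = state after prefix.
    Both resulting files share the prefix, the tail and the junk position."""
    s = absorb(IV, prefix)
    seen = {}                      # intermediate state -> block that produced it
    for i in range(1 << 32):
        blk = i.to_bytes(BLOCK, "big")
        t = compress(s, blk)
        if t in seen:
            return seen[t], blk    # distinct counters, so the blocks differ
        seen[t] = blk
    raise RuntimeError("unreachable for this state size")


def chosen_prefix_collision(p1: bytes, p2: bytes):
    """Find X, Y with absorb(IV, p1+X) == absorb(IV, p2+Y) for two different
    attacker-chosen prefixes. The prefixes must have equal length so that the
    final length block matches; only X and Y are junk, everything else is
    chosen freely. In this toy the cost equals the same-prefix search; for
    real hashes it is much higher."""
    s1, s2 = absorb(IV, p1), absorb(IV, p2)
    seen1, seen2 = {}, {}
    for i in range(1 << 32):
        blk = i.to_bytes(BLOCK, "big")
        t1, t2 = compress(s1, blk), compress(s2, blk)
        if t1 == t2:
            return blk, blk
        if t1 in seen2:
            return blk, seen2[t1]
        if t2 in seen1:
            return seen1[t2], blk
        seen1[t1], seen2[t2] = blk, blk
    raise RuntimeError("unreachable for this state size")


def build_pair(prefix: bytes, x: bytes, y: bytes, benign: bytes, evil: bytes):
    """Toy version of the 'PDF trick': the shared tail embeds x as a selector
    key and BOTH payloads; only the colliding block differs between files."""
    suffix = x + benign + b"|" + evil
    return prefix + x + suffix, prefix + y + suffix


def run(doc: bytes, prefix_len: int) -> str:
    """Toy 'viewer': show the evil payload only if the junk block equals the
    key stored in the tail. Note the evil payload is present in both files."""
    selector = doc[prefix_len:prefix_len + BLOCK]
    key = doc[prefix_len + BLOCK:prefix_len + 2 * BLOCK]
    benign, evil = doc[prefix_len + 2 * BLOCK:].split(b"|", 1)
    return (evil if selector == key else benign).decode()


if __name__ == "__main__":
    prefix = b"%PDF-1.4"                        # constructed 2-block prefix
    x, y = same_prefix_collision(prefix)
    a, b = build_pair(prefix, x, y, b"hello", b"rm -rf /")
    print("same-prefix:", toy_hash(a) == toy_hash(b), run(a, 8), "/", run(b, 8))
    X, Y = chosen_prefix_collision(b"good.txt", b"evil.txt")
    print("chosen-prefix:", toy_hash(b"good.txt" + X + b"shared tail")
          == toy_hash(b"evil.txt" + Y + b"shared tail"))
```

The `build_pair`/`run` pair is the point of "the evil code would have to exist in both": the benign-looking file `b` still contains `rm -rf /` in its tail, it just is not selected, so anyone reading the hex dump sees it.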
Reply from @demize95: Is there any cryptographic hash that is preimage-broken? The only thing that comes to mind is CRC32, but that's not cryptographic.
Replying to @demize95
Not aware of much. TEA used as a hash, maybe (that's one of the *many* ways the original Xbox was made of fail and got pwned).
Also MEGA's attempt at using AES-CBC-MAC as a hash (it isn't) was trivially breakable.
But both of those are cases of someone making a hash out of something not meant to work as a hash.