SEARCH RESULTS
 
Showing 1-10 of 24 records
 
Expand article

A cryptographic hash function reading guide

2007-11-23 16:01:18 by George Danezis in Light Blue Touchpaper
 
...hash function NIST has announced a competition to determine the next Secure Hash Algorithm, SHA-3. SHA-0 is considered broken, SHA-1 is still secure but no one knows for how long, and the SHA-2 family are desperately slow. (Do not even think about using MD5, or MD4 for which Prof. Wang can find collisions by hand, but RIPEMD-160 still...
 
Tags: function, hash functions, cryptographic hash functions, functions, functions secure, design, hash function design, compression functions, secure hash function
 
 
 
 
Expand article

A New Hash Competition

2008-05-22 14:32:02 by Editor in IEEE Security and Privacy
 
...hash functions in 2004, a rush of new cryptanalytic results cast doubt on the current hash function standards. The relatively new NIST SHA-2 standards aren't yet immediately threatened, but their long-term viability is now in question. The US National Institute of Standards and Technology (NIST) has therefore begun an international...
 
Tags: nist sha-2 standards, competition, standards, nist, sha-3 standard, international competition, collision attacks, long-term viability, article outlines
 
 
 
 
Expand article

What Does SHA1 is Broken Mean?

2007-12-12 07:35:00 by Eric Marvets in The Security Samurai
 
...hash function for the example (modifying an existing application to store hashed passwords The videos I did were part of the How Do I series, and not exactly the place to explain why it was appropriate to use SHA1. But for those of you looking to understand the why behind the example, Ill take a few minutes to explain it What exactly is...
 
Tags: sha1, choose sha1, sha1 protects, hash data, data, sha1 drops, hash function, hash, function
 
 
 
 
Expand article

WordPress 2.5 Cookie Forging Explained

2008-04-25 21:46:49 by Chris Eng in Zero in a bit
 
...HASH = USERNAME . "|" . EXPIRY TIME . "|" . MAC Where: COOKIEHASH: MD5 hash of the site URL (to maintain cookie uniqueness) USERNAME: The username for the authenticated user EXPIRY TIME: When cookie should expire, in seconds since start of epoch MAC: HMAC-MD5(USERNAME . EXPIRY TIME) under a key derived from a secret and USERNAME . EXPIRY...
 
Tags: cookie, wordpress authentication cookie, authentication cookie, cookie integrity bug, hash, hash hmac, user, user identity, maintain cookie uniqueness
 
 
 
 
Expand article

Squirreling Backdoors Into Distribution Points

2007-12-19 22:16:35 by Chris Eng in Zero in a bit
 
...hashes for integrity checking. The minute the Xiaoyun Wang paper on MD5 collisions was released, every security practitioner in the world considered MD5 unsafe from that point forward. Even though practical attacks had not yet been formulated, the writing was on the wall. Unfortunately, the rest of the world either didnt notice or didnt care...
 
Tags: md5 collisions, md5, md5 hashes, distribution, php, execute php code, execute, code, md5 unsafe
 
 
 
 
Expand article

A Brief Intro To Cryptographic Hashes/MD5

2008-05-10 20:33:02 by Editor in Irongeek's Security Site
 
...Hashes/MD5 A cryptographic hash function takes an input and returns a fixed size string that corresponds to it, called a hash. Cryptographic hashes have a lot of uses, some of which are: detecting data changes, storing or generating passwords, making unique keys in databases and ensuring message integrity. This video will mostly cover...
 
Tags: cryptographic hashes, hashes, md5 hashes, message integrity, video, unique keys, intro, cryptographic hashesmd5, lot
 
 
 
 
Expand article

Hardened stateless session cookies

2008-05-16 12:40:30 by Steven J. Murdoch in Light Blue Touchpaper
 
...hashing and cookie generation scheme. This is generally a bad idea, since its hard even for experts to get these right. Instead, whenever possible, a well-studied proposal should be chosen. It is for this reason that I suggested the phpass library for password hashing, and the Fu et al. stateless session cookie proposal These choices would be...
 
Tags: scheme, cookie generation scheme, cookie, cookie authentication schemes, cookies, stateless session cookies, fake cookie, cookie authentication key, authentication database
 
 
 
 
Expand article

A Brief Intro To Cryptographic Hashes/MD5

2008-05-10 20:33:02 by Editor in Irongeek's Security Site
 
...Hashes/MD5 A cryptographic hash function takes an input and returns a fixed size string that corresponds to it, called a hash. Cryptographic hashes have a lot of uses, some of which are: detecting data changes, storing or generating passwords, making unique keys in databases and ensuring message integrity. This video will mostly cover...
 
Tags: cryptographic hashes, hashes, md5 hashes, message integrity, video, unique keys, intro, cryptographic hashesmd5, lot
 
 
 
 
Expand article

Assessing the Security Benefits of Cloud Computing

The Article has images
2008-07-21 07:00:15 by Craig Balding in Cloud Security
...hash. For example, Amazon S3 generates an MD5 hash automagically when you store an object. In theory you no longer need to generate time-consuming MD5 checksums using external tools - its already there Decrease time to access protected documents : Immense CPU power opens some doors. Did the suspect password protect a document that is relevant...
 
Tags: benefits, cloud, security, technical security benefits, based, virtualization based cloud, efficient security software, security software, cloud market
 
 
 
 
Expand article

Adi Shamir's Cube Attacks

2008-08-19 13:15:35 by schneier in Schneier on Security
 
...hash functions, etc My personal joke -- at least I hope it's a joke -- is that he's going to break every NIST hash submission without ever seeing any of them More later. (I'm sorry, but I missed the name of his student/co-author for this work EDITED TO ADD (8/19): Okay, he thinks that AES is immune to this attack -- the degree of the...
 
Tags: degree, low-degree polynomial equation, cube attacks, adi shamir, attack, joke, cryptanalytic attack, personal joke, nist hash submission