Message-ID: <CA+E3k93dfc22L1HNJmvrBZhdkcp2Ww7f=0H2KvugT=SpagQiyw@mail.gmail.com>
Date: Fri, 20 Nov 2015 22:16:15 -0900
From: Royce Williams <royce@...ho.org>
To: john-users@...ts.openwall.com
Subject: Re: password cracking as a subset of hash searching

On Fri, Nov 20, 2015 at 9:45 AM, Marek Wrzosek <marek.wrzosek@...il.com> wrote:
>
> Another use case is finding a hash that looks almost exactly like some
> other hash (to trick the human brain). This technique was used in an MITM
> attack on ssh. It's called Fuzzy Fingerprints. You can read more about
> it here:
> http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.456.8211&rep=rep1&type=pdf
>
> If it was possible to generate an RSA or DSA key with a fingerprint similar
> to the fingerprint of some other key, it should be easier to find a plain-text
> with a hash similar to some other hash.

Ah, yes - a use case that I totally neglected to mention in my pitch.
Thanks, Marek - both for highlighting the security implications of
partial hash searching, and for the phrase "fuzzy fingerprints" --
which I had not previously heard of.

Royce
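
The defensive counterpart to the fuzzy-fingerprint case discussed in this thread, as an added example that is not part of the original messages: compare the whole fingerprint by machine, and on a mismatch flag presented fingerprints that agree with the pinned one at the start and end, where a human tends to look. The function names, the thresholds and all fingerprint values below are constructed for illustration.

```python
import hmac

def normalize(fp):
    """Lower-case a hex fingerprint and drop ':' separators and whitespace."""
    return "".join(fp.lower().replace(":", "").split())

def affix_match(a, b):
    """Count matching leading and trailing hex digits of two equal-length strings."""
    lead = 0
    while lead < len(a) and a[lead] == b[lead]:
        lead += 1
    trail = 0
    while trail < len(a) - lead and a[-1 - trail] == b[-1 - trail]:
        trail += 1
    return lead, trail

def check_fingerprint(pinned, presented, affix_threshold=6):
    """Return 'match', 'lookalike-mismatch' or 'mismatch'.

    affix_threshold is an assumed tuning value: two unrelated hashes agree on
    about 1 hex digit in 16, so 6 or more matching edge digits is not chance.
    """
    p, q = normalize(pinned), normalize(presented)
    if len(p) != len(q):
        return "mismatch"
    # Full-length, constant-time comparison: the only check that counts as a match.
    if hmac.compare_digest(p.encode(), q.encode()):
        return "match"
    lead, trail = affix_match(p, q)
    same_pos = sum(x == y for x, y in zip(p, q))
    # A near-match is more alarming than a random mismatch: it suggests the
    # presented key was chosen to resemble the pinned one.
    if lead + trail >= affix_threshold or same_pos >= len(p) // 2:
        return "lookalike-mismatch"
    return "mismatch"

# Constructed sample fingerprints (MD5-style, 16 bytes); not real host keys.
PINNED    = "4a:1f:c3:07:9e:52:b8:6d:e0:35:7c:a9:14:d2:8b:f6"
LOOKALIKE = "4a:1f:c8:91:2e:57:b3:0d:66:3a:7e:09:1b:d2:8b:f6"
UNRELATED = "93:e0:5b:7a:21:cd:48:f6:0c:b7:d4:1e:6f:35:a2:89"

if __name__ == "__main__":
    for name, fp in [("pinned", PINNED), ("lookalike", LOOKALIKE), ("unrelated", UNRELATED)]:
        print(name, check_fingerprint(PINNED, fp))
```

A "lookalike-mismatch" result is worth logging separately from an ordinary mismatch, since a changed host key after a reinstall would not normally share its edge digits with the old one.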
