[Standards] Re: [jdev] XEP-0115: Entity Capabilities

Michal 'vorner' Vaner vorner at ucw.cz
Wed Jul 4 09:57:10 UTC 2007


On Wed, Jul 04, 2007 at 10:38:26AM +0100, Dave Cridland wrote:
>  (FWIW, Ian's mention of a "one hour attack" is a collision attack, not a 
>  preimage attack, and finds a pair of two-block messages which collide, both 
>  of which have specific properties, and the time figures are quoted for an 
>  IBM P690, which is somewhat bigger iron than I have about, anyway. Our 
>  attacker needs a selected preimage attack, and will almost certainly need 
>  one where the legitimate message is several blocks long for MD5, and their 
>  primary source of computing power is likely to be a distributed botnet at 
>  best - I'm not clear if this attack is distributable or not, but I'm not 
>  concerned by it).

Not sure what attack he mentioned, but there is collision project.
Collisions in time of minutes on PC, and there is something about
generating a colliding data with some prefix if I understand it well
(there was something it can generate data that has given MD5 and with
some initial hash state or so).


Not that I would understand it much, nor read it properly, just that the
author is from the same country as me, so I heard about it.

So I think if you have few hours or days, you have no much problems in
finding something, if you know how.

The human mind ordinarily operates at only ten percent of its capacity
-- the rest is overhead for the operating system

Michal 'vorner' Vaner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070704/8f51711e/attachment.sig>

More information about the Standards mailing list