[Standards] Re: [jdev] XEP-0115: Entity Capabilities

Michal 'vorner' Vaner vorner at ucw.cz
Wed Jul 4 09:57:10 UTC 2007


Hello

On Wed, Jul 04, 2007 at 10:38:26AM +0100, Dave Cridland wrote:
>  (FWIW, Ian's mention of a "one hour attack" is a collision attack, not a 
>  preimage attack, and finds a pair of two-block messages which collide, both 
>  of which have specific properties, and the time figures are quoted for an 
>  IBM P690, which is somewhat bigger iron than I have about, anyway. Our 
>  attacker needs a selected preimage attack, and will almost certainly need 
>  one where the legitimate message is several blocks long for MD5, and their 
>  primary source of computing power is likely to be a distributed botnet at 
>  best - I'm not clear if this attack is distributable or not, but I'm not 
>  concerned by it).

Not sure what attack he mentioned, but there is collision project.
Collisions in time of minutes on PC, and there is something about
generating a colliding data with some prefix if I understand it well
(there was something it can generate data that has given MD5 and with
some initial hash state or so).

http://cryptography.hyperlink.cz/MD5_collisions.html

Not that I would understand it much, nor read it properly, just that the
author is from the same country as me, so I heard about it.

So I think if you have few hours or days, you have no much problems in
finding something, if you know how.

-- 
The human mind ordinarily operates at only ten percent of its capacity
-- the rest is overhead for the operating system

Michal 'vorner' Vaner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070704/8f51711e/attachment.sig>


More information about the Standards mailing list