7 matches found
Properties of secure hash functions
The news of NIST and their SHA-3 algorithm competition and a recent lunch and learn at Denim Group reminded me of the Cryptographic lectures I gave at UTSA. One of the hardest concepts my students had grasping was secure cryptographic hash functions, partially because of the number theory, but al...
Exploit Fully Breaks SHA-1, Lowers the Attack Bar
A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 SHA-1 code-signing encryption, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering. The exploit was developed by...
CVE-2005-4900
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is...
CVE-2004-2761
CVE-2004-2761 describes that the MD5 Message-Digest Algorithm is not collision resistant, enabling context-dependent spoofing attacks, notably in X.509 certificate signatures. Several connected sources corroborate this weakness and its use in real-world contexts (e.g., Red Hat SCEP / PKI componen...
CVE-2004-2761
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate...
SHA family hash functions cryptographic weakness
Cryptographic weakness found making real strength against coliisions: collisions in the the full SHA-1 in 269 hash operations, much less than the brute-force attack of 280 operations based on the hash length. Collisions in SHA-0 in 239 operations. Collisions in 58-round SHA-1 in 233 operations...
PT-2005-1108
Name of the Vulnerable Software and Affected Versions SHA-1 affected versions not specified Description The issue is related to the SHA-1 algorithm not being collision resistant, making it easier for attackers to conduct spoofing attacks. This has been demonstrated by attacks on the use of SHA-1 ...