RE: CRC32 vd MD5

From: Jason Coombs (jasoncat_private)
Date: Thu Jan 23 2003 - 14:35:23 PST


    I'm referring to infosec forensics not legal forensics.
    
    Believing what you see on a computer screen makes invalid assumptions any
    time an attacker can anticipate what it is that you expect to see. Using
    MD5/SHA-1/etc. for hashing leaves you vulnerable to this type of social
    engineering where your expectations are satisfied therefore you think you're
    secure -- but anyone, anywhere could have come up with the key (the right
    hash) that will satisfy your expectations -- so what good were those
    expectations in the first place?
    
    Jason Coombs
    jasoncat_private
    
    -----Original Message-----
    From: Ed Carp [mailto:ercat_private]
    Sent: Thursday, January 23, 2003 10:16 AM
    To: Jason Coombs
    Cc: adminat_private;
    securityfocus.com!forensics@adsl-61-76-31.pns.bellsouth.net
    Subject: RE: CRC32 vd MD5
    
    
    On Sun, 19 Jan 2003, Jason Coombs wrote:
    
    > I gain some security through obscurity if I supplement standard hash
    > algorithms with algorithms of my own design -- and not because my own
    > algorithms are going to be as provably secure/free of collisions, but
    > because it is impossible for an attacker to know ahead of time what their
    > bits are going to look like when processed by my code unless they first
    > obtain a copy of my code.
    >
    > This is an appropriate role for security through obscurity; often times
    
    I disagree.  If you can't prove that your algorithms don't actually
    increase the chances of a collision, they're worthless, and they wouldn't
    stand up for more than 30 seconds in a court of law.  By using your own
    algorithms, you're just handing the case to a smart defense attorney - on
    a very silver platter.
    --
    Ed Carp, N7EKG          http://www.pobox.com/~erc               214/986-5870
    Licensed Texas Peace Officer
    Computer Crime Investigation Consultant
    
    Director, Software Development
    Escapade Server-Side Scripting Engine Development Team
    http://www.squishedmosquito.com
    
    Microsoft Front Page - the official HTML editor of Al Qaeda
    Microsoft Hotmail - the official email of Al Qaeda
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
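An added example, not code from either poster, showing the property Jason is after in its standard form: beside the public CRC32 and MD5 digests anyone can precompute, a keyed HMAC-SHA256 whose value cannot be anticipated without the examiner's secret key, while the algorithm itself stays public and analysable (which is what Ed's objection asks for). The evidence bytes and the key are constructed placeholders.

```python
import hashlib
import hmac
import zlib

# Constructed sample "evidence" and a placeholder examiner-held secret key.
# In practice the key is random and is kept off the host being examined.
EVIDENCE = b"The quick brown fox jumps over the lazy dog"
EXAMINER_KEY = b"key"


def public_digests(data: bytes) -> dict:
    """Digests anyone can compute: CRC32 and MD5.

    An adversary who knows which algorithm will be run, and which value the
    examiner expects, can work toward input that produces that value.
    """
    return {
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08x"),
        "md5": hashlib.md5(data).hexdigest(),
    }


def keyed_digest(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 over the same bytes.

    This is the well-studied form of a "supplementary algorithm the attacker
    cannot anticipate": the construction is public, so its strength can be
    argued, but without the key the output is unpredictable.
    """
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(data: bytes, expected_tag: str, key: bytes) -> bool:
    """Recompute the keyed digest and compare it in constant time."""
    return hmac.compare_digest(keyed_digest(data, key), expected_tag)


if __name__ == "__main__":
    print(public_digests(EVIDENCE))
    tag = keyed_digest(EVIDENCE, EXAMINER_KEY)
    print("hmac-sha256:", tag)
    print("verify original:", verify(EVIDENCE, tag, EXAMINER_KEY))
    print("verify tampered:", verify(EVIDENCE + b".", tag, EXAMINER_KEY))
    # A different key gives a different tag, so knowing the expected public
    # digest tells an adversary nothing about the value they would need here.
    print("other key matches:", verify(EVIDENCE, tag, b"other-key"))
```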
    This archive was generated by hypermail 2b30 : Fri Jan 24 2003 - 13:14:58 PST