Re: SHA-1 broken

To: Michael Silk <michaelsilk@xxxxxxxxx>
Subject: Re: SHA-1 broken
From: Brian May <brian@xxxxxxxxxxxxx>
Date: Fri, 18 Feb 2005 15:54:41 -0800
Cc: "Scovetta, Michael V" <Michael.Scovetta@xxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <b841ffed05021719304ede427b@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <b841ffed05021719304ede427b@xxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)

Michael Silk wrote:

Michael,

 But wouldn't it render a login-based hashing system resistant to the
current hashing problems if it is implemented something like:

 --
 result = hashFunc1( input + hashFunc1(input) + salt )

<snip>

wouldn't that create an infinite loop?

References:
- RE: SHA-1 broken
  - From: Michael Silk

Prev by Date: Knox Arkeia remote root/system exploit
Next by Date: Re: SHA-1 broken
Previous by thread: RE: SHA-1 broken
Next by thread: Re: SHA-1 broken
Index(es):
- Date
- Thread