On 2/12/11 10:48 AM, Marsh Ray wrote:
On 12/01/2011 04:37 PM, Jerrie Union wrote:
public boolean check(digest, secret) {
hash = md5(secret);
if (digest.length != hash.length) {
return false;
}
I ignored the above length comparison, assuming the attacker knew
Given the following Java code:
public boolean check(digest, secret) {
hash = md5(secret);
if (digest.length != hash.length) {
On Dec 1, 2011, at 2:37 PM, Jerrie Union wrote:
I’m wondering, if it’s running as some authenticated server application, if
it should be considered as resistant to time attacks nowadays. I’m aware
that’s
not a good practice, but I’m not clear if I should consider it as exploitable
over
On 12/01/2011 04:37 PM, Jerrie Union wrote:
public boolean check(digest, secret) {
hash = md5(secret);
if (digest.length != hash.length) {
return false;
}
for (i = 0; i digest.length; i++) {
if (digest[i] != hash[i]) {
return
On Dec 1, 2011, at 11:48 PM, Marsh Ray wrote:
On 12/01/2011 04:37 PM, Jerrie Union wrote:
public boolean check(digest, secret) {
hash = md5(secret);
if (digest.length != hash.length) {
return false;
}
for (i = 0; i digest.length; i++) {
if
On 12/01/2011 10:15 PM, Solar Designer wrote:
On Thu, Dec 01, 2011 at 09:15:05PM -0600, Marsh Ray wrote:
When you can evaluate MD5 at 5.6 GH/s, accessing even a straight lookup
table in main memory is probably a slowdown.
Yes, but those very high speeds are throughput for large numbers of
On Thu, Dec 01, 2011 at 11:16:14PM -0600, Marsh Ray wrote:
On 12/01/2011 10:15 PM, Solar Designer wrote:
http://whitepixel.zorinaq.com is probably the fastest single MD5 hash
cracker. This one tests 33.1 billion of passwords per second against a
raw MD5 hash on 4 x AMD Radeon HD 5970 (8
On 12/02/2011 01:21 AM, Marsh Ray wrote:
Out of a set of 4096 (salt values) random functions each mapping
{ 1...256 } - { 0 ... 255 }
samples H[0] values
how many would we expect to have all samples map to the same value,
i.e., have a codomain size of 1 ?
s/codomain/image/
- Marsh