Awesome.
---
http://en.epochtimes.com/tools/printer.asp?id=50336
The Epoch Times
Chinese Professor Cracks Fifth Data Security Algorithm
SHA-1 added to list of accomplishments
Central News Agency
Jan 11, 2007
Associate professor Wang
Hi guys,
I have a question about source-code static analysis tools that are available
on the market now.
Are there tools that support C/C++, Java, PHP, Flash (actionscript) all in
one?
Most of the tools support C/C++ and Java, but I have not found any that can
also handle PHP.
Do you know some?
Kevin, I would love to see open source communities embrace secure coding
practices with stronger assistance from software vendors in this space. This of
course requires going beyond audit capability and figuring out ways to get
the tools into developers' hands.
As a contributor to open source
RATS will do PHP as well; there is a plugin for Eclipse that will do static
analysis on PHP code which is called Pixy. The next step would be to
investigate some of the tools from SPI Dynamics, a few of them are black-box
but if you combine some black-box testing with some static analysis, add
some
Cracking a hash would [...]. There are an infinite number of
messages that all hash to the same value.
Yes, but there's no guarantee that this is true of any particular hash
value, such as the one you're interested in, only that there exists at
least one hash value that it's true of.
(At
Hi,
Correction: Paros Proxy is owned and copyrighted by Chinotec Technologies
Co.
OWASP provides another useful tool: WebScarab
(http://www.owasp.org/index.php/OWASP_WebScarab_Project)
If you look for PHP security resources,
http://www.owasp.org/index.php/Category:OWASP_PHP_Project can
Spot on thread, Ed:
On 3/20/07, Ed Reed [EMAIL PROTECTED] wrote:
Not all of these are consumer uprisings - some are, some aren't - but I
think they're all examples of the kinds of economic adjustments that occur
in mature markets.
- Unsafe at any speed (the triumph of consumer safety over
3APA3A wrote:
First, by reading 'crack' I thought lady can recover full message by
its signature. After careful reading she can bruteforce collisions 2000
times faster.
Cracking a hash would never mean recovering the full original message,
except for possibly messages that were smaller
3APA3A wrote:
I know meaning of 'hash function' term, I wrote few articles on
challenge-response authentication and I did few hash functions
implementations for hashtables and authentication in FreeRADIUS and
3proxy. Can I claim my right for sarcasm after calling
On Wed, 21 Mar 2007, mudge wrote:
Sorry, but I couldn't help but be reminded of an old L0pht topic that
we brought up in January of 1999. Having just re-read it I found it
still relatively poignant: Cyberspace Underwriters Laboratories[1].
I was thinking about this, too, I should have
I was originally going to say this off-list, but it's not that big a deal.
Arian J. Evans said:
I think you are on to something here in how to think about this subject.
Perhaps I should float my little paper out there and we could shape up
something worth while describing how the industry is
On Mar 21, 2007, at 3:57 PM, Arian J. Evans wrote:
Spot on thread, Ed:
On 3/20/07, Ed Reed [EMAIL PROTECTED] wrote:
Not all of these are consumer uprisings - some are, some aren't -
but I think they're all examples of the kinds of economic
adjustments that occur in mature markets.
My understanding is that the kind of birthday attack under discussion would
start at 80-bits if SHA-1 (at 160-bits) were 100% secure. The attack
under discussion is reported to reduce that to the neighborhood of
60-something bits.
I am not a mathematician though, so I would be perfectly willing to