On 07/11/2012 04:39 PM, Ferenc-Levente Juhos wrote: > As I said several times before, to produce hash collisions. Or to calculate > rainbow tables (as a previous user theorized it) you only need the > following. > > You don't need to reproduce all possible blocks. > 1. SHA256 produces a 256 bit hash > 2. That means it produces a value on 256 bits, in other words a value > between 0..2^256 - 1 > 3. If you start counting from 0 to 2^256 and for each number calculate the > SHA256 you will get at least one hash collision (if the hash algortihm is > prefectly distributed) > 4. Counting from 0 to 2^256, is nothing else but reproducing all possible > bit pattern on 32 bytes > > It's not about whether one computer is capable of producing the above > hashes or not, or whether there are actually that many unique 32 byte bit > patterns in the universe. > A collision can happen.
It's actually not that simple, because in hash collision attacks you're not always afforded the luxury of being able to define your input block. More often than not, you want to modify a previously hashed block in such a fashion that it carries your intended modifications while hashing to the same original value. Say for instance you want to modify a 512-byte message (e.g. an SSL certificate) to point to your own CN. Here your rainbow table, even if you could store it somewhere (you couldn't, btw), would do you little good here. -- Saso _______________________________________________ zfs-discuss mailing list firstname.lastname@example.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss