
SHA-1 is insecure since 2005-7. They found a

Soapy Bubbles   Monday, 07/25/11 11:22:50 PM
Re: MistySteel post# 135
Post # of 205 
SHA-1 is insecure since 2005-7. They found a method that ensures collision faster than brute force. AES can be directly cracked with a prob distro analysis but it takes like 2^80 samples to pull it off. XOR is even easier although it's fast and simple to integrate into code.

If you want more on this, look up Rainbow Tables. They allow you to crack SHA and a series of other commonplace algos. It may be available as an ASM module by now since higher level would be insanely slow.

The toughest are the custom algos with loss. When people try to invert a transformation (such as an algo), they expect to find dictionary words, predefined structures, or other human readable keys. The trick is to disallow that assumption and encode an apparently "nonsensical" message - one simplistic example is to remove all the "E"s from a text message and then run it through a cipher including an "E" on the wheel. So, when someone intercepts it, they will assume the "E" is there and get stumped for a while.

It's even worse if you encode such text w/ a modulus because you can invert a coded message to a SET of outcomes and you have to know which element of the set is the properly cracked message. If you're clever, you can assign probability weights to each cracked message in the set; the equivalent of probabilistic algo inversion. [Recall, mod is a cyclic function, so you can have equal modulus functions like x = a mod b = n mod d and a middle man would be unable to discern which to use.]

But at that point, you're pushing information theory given distributions you impose. That's MUCH uglier but effective since a single message is encoded into a single code; yet there's no one-way-function to reverse it back to a single message w/o the intended recipient acting as a key.

Then there's quantum encry, but that's still in its infancy.

Another technique I've chatted w/ people about and partially developed was a fun technique in which a message is encoded into another message (something like a steno in a PNG) and then it's compressed w/ a lossy encryption algo (looks like TGZ). Upon inversion, you get a set of outcomes and only one is the right one. It could be used to do unsniffable P2P.
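Added illustration (not the poster's code) of the "drop the E's, then encipher" idea and the resulting weighted set of outcomes: a lossy step followed by a toy Caesar shift, and a decoder that recovers the candidate set and ranks it by a prior. The shift cipher, the key `k`, and the word-count table are assumptions constructed for the example.

```python
from collections import Counter

# Constructed word counts standing in for the prior the decoder assigns to
# each candidate plaintext (not taken from any real corpus).
CORPUS = Counter({"meet": 5, "met": 3, "mete": 1,
                  "seen": 4, "sen": 1,
                  "here": 8, "hr": 2, "her": 7})

def strip_e(text):
    """Lossy step from the post: delete every 'e' before enciphering."""
    return text.replace("e", "")

def shift(text, k):
    """Toy substitution 'wheel' over a-z; 'e' stays on the wheel even though
    the plaintext no longer contains it. Negative k undoes a positive one."""
    return "".join(chr((ord(c) - 97 + k) % 26 + 97) if c.isalpha() else c
                   for c in text)

def encode(word, k):
    """Sender side: lossy strip, then shift by the shared key k."""
    return shift(strip_e(word), k)

def candidates(ciphertext, k, corpus=CORPUS):
    """Receiver side: undo the shift with k, then list every corpus word that
    strips to the result, weighted by its prior. This is the 'set of outcomes'
    with probability weights the post describes. The set is empty when no
    dictionary word matches, so the decoder only ever sees what it assumes."""
    code = shift(ciphertext, -k)
    hits = {w: n for w, n in corpus.items() if strip_e(w) == code}
    total = sum(hits.values())
    return {w: n / total for w, n in hits.items()}

def best_guess(ciphertext, k, corpus=CORPUS):
    """Pick the highest-weighted candidate, or None if the set is empty."""
    weights = candidates(ciphertext, k, corpus)
    return max(weights, key=weights.get) if weights else None

if __name__ == "__main__":
    ct = encode("met", 3)
    print(ct, candidates(ct, 3), best_guess(ct, 3))
```

Note that `encode("met", 3)` decodes to "meet" as the best guess: the prior, not the ciphertext, decides among the candidates, which is exactly the ambiguity the post is relying on.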
