|
apparently it's possible to detect if a file is vulnerable to this type of attack, so i guess that's goodquote:counter-cryptanalysis... is able to detect known and unknown SHA-1 cryptanalytic collision attacks given just a single file from a colliding file pair crypto is kinda voodoo to me. is there a tldr on this for an idiot anywhere? could this detection be bypassed?
|
# ? Feb 23, 2017 17:25 |
|
|
# ? Jun 6, 2024 14:40 |
|
on phone so can't check, has some new weakness been found or is it just the march of hardware?
|
# ? Feb 23, 2017 17:26 |
Cybernetic Vermin posted:on phone so can't check, has some new weakness been found or is it just the march of hardware? its 10^5 faster than bruteforce, but still a massive undertaking
|
|
# ? Feb 23, 2017 17:30 |
|
redleader posted:crypto is kinda voodoo to me. is there a tldr on this for an idiot anywhere? could this detection be bypassed? the tl;dr is "math"
|
# ? Feb 23, 2017 17:31 |
|
it sounds like an actual weakness, like maybe certain prefixes in the source data can limit or skew what hashes you'll get
|
# ? Feb 23, 2017 17:32 |
rjmccall posted:it sounds like an actual weakness, like maybe certain prefixes in the source data can limit or skew what hashes you'll get
|
|
# ? Feb 23, 2017 17:33 |
|
spankmeister posted:The web sight is getting rekt but SHA-1 is now officially completely broken: we knew it was coming but this is still fuckin cool
|
# ? Feb 23, 2017 17:36 |
|
hobbesmaster posted:i work for a company with an iot gateway that by default blocks all incoming connections on whatever the wan interface is detected as probably ssh logins? or if its web probably some php admin login.
|
# ? Feb 23, 2017 17:45 |
|
cinci zoo sniper posted:that weakness is adobe eh, almost every document format has some way of throwing extra crap in it that won't get interpreted by default. pdf is definitely a secfuck, but is there some reason that this collision is actually pdf-specific?
|
# ? Feb 23, 2017 18:11 |
|
bicycle posted:just go to congress and bring a bottle of booze and share it and have fun and pick up some free stickers and buy a tor t shirt or w.e and pretend youre a hacker or speak to smart people who arent actually trying to hire you or sell you poo poo and have fun and give a gently caress about the culture and avoid ioerror supporters and stop expecting the industry to give you tons of free drinks just for showing up and just provide the kicking rad party yourself hth looking forward to SHA 2017 this summer
|
# ? Feb 23, 2017 18:18 |
|
Shaggar posted:probably ssh logins? or if its web probably some php admin login. yeah basically "how do I expose the default logins to the entire world?"
|
# ? Feb 23, 2017 18:34 |
|
sha1 is dead long live sha1
|
# ? Feb 23, 2017 18:42 |
|
rjmccall posted:eh, almost every document format has some way of throwing extra crap in it that won't get interpreted by default. pdf is definitely a secfuck, but is there some reason that this collision is actually pdf-specific? afaik it's just easiest to demo the exploit on PDF's and PDF has a built in document signing system that is supposed to prove your document is valid that this presumably undermines and that could affect like real world contracts and stuff idk
|
# ? Feb 23, 2017 18:56 |
|
aight, that's what i figured
|
# ? Feb 23, 2017 19:10 |
|
https://twitter.com/dchest/status/834808975556239360 owns
|
# ? Feb 23, 2017 19:15 |
|
someone tell Valerie Aurora to update the page though
|
# ? Feb 23, 2017 19:16 |
|
anthonypants posted:someone tell Valerie Aurora to update the page though
|
# ? Feb 23, 2017 19:25 |
|
she updated the copyright at the bottom too
|
# ? Feb 23, 2017 19:26 |
|
https://github.com/cr-marcstevens/sha1collisiondetectionquote:There are two programs bin/sha1dc and bin/sha1dc_partialcoll. The first program bin/sha1dc will detect and warn for files that were generated with a cryptanalytic SHA-1 collision attack (of which there are no public examples so far). The second program bin/sha1dc_partialcoll will detect and warn for files that were generated with a cryptanalytic collision attack against reduced-round SHA-1 (of which there are a few examples so far).
|
# ? Feb 23, 2017 20:06 |
|
OSI bean dip posted:a year now will be a month in few years case in point, from the amd thread: maybe amd will finally be good again and the rate of progress will increase, as intel/nvidia get off their collective butts tangentially related, there's bound to be good bugs in early zen, a completely new arch waiting to be exploited. especially seeing how they're basically soc now, there's barely anything off the package. can't wait
|
# ? Feb 23, 2017 20:13 |
|
Truga posted:case in point, from the amd thread:
|
# ? Feb 23, 2017 20:23 |
|
Ur Getting Fatter posted:what does 110gpu/year processing mean in real world dollars? According to the actual paper the 110 GPU years number is scaled to GTX 970 performance levels because that's what they used for development, but the actual work was done on Tesla K-series hardware. The GTX 970 is the most popular GPU among Steam users, so a botnet of gaming PCs could be a real threat. ~1500 machines with GTX 970s could do it in under a month assuming things scale linearly. coffeetable posted:~$50k on AWS spot GPU instances i think. In the paper they said about $500,000 to get it done the fastest using on demand P instances and around $100,000 if you're more patient using spot pricing on G instances.
|
# ? Feb 23, 2017 21:10 |
|
there's a use-after-free vulnerability in a linux kernel module https://access.redhat.com/node/2934281
|
# ? Feb 23, 2017 21:11 |
|
Larry David fainting .gif
|
# ? Feb 23, 2017 21:16 |
|
my appetite is certainly whet for the first serious sha-2 weakening, as it'd not take much to make bitcoin untenable. certainly far less than anything that'd realistically yield collisions (plenty to make asics less profitable compared to a more sophisticated implementation, making chinese miners throw a fit, and even more deliciously it is likely to make some hashes easier than others to collide, making the 10 minutes per block mean no longer hold)
|
# ? Feb 23, 2017 21:32 |
|
Cybernetic Vermin posted:my appetite is certainly whet for the first serious sha-2 weakening, as it'd not take much to make bitcoin untenable. certainly far less than anything that'd realistically yield collisions (plenty to make asics less profitable compared to a more sophisticated implementation, making chinese miners throw a fit, and even more deliciously it is likely to make some hashes easier than others to collide, making the 10 minutes per block mean no longer hold)
|
# ? Feb 23, 2017 21:34 |
|
Looks like it isn't as alarming as all that: https://twitter.com/lepht/status/834824125260636162
|
# ? Feb 23, 2017 21:40 |
|
yeah having used spot instances for a lot of stuff the pricing can vary wildly all the time. a fun correlation but thats all it is
|
# ? Feb 23, 2017 22:17 |
|
Doom Mathematic posted:Looks like it isn't as alarming as all that: i thought it was less meant to be alarming, more to be like "lol look at everyone trying to do it all of a sudden and then realizing they can't afford it"
|
# ? Feb 23, 2017 23:03 |
|
good luck doing it from scratch in that timeframe, public disclosure of the code is in 90 days
|
# ? Feb 23, 2017 23:05 |
|
Wiggly Wayne DDS posted:good luck doing it from scratch in that timeframe, public disclosure of the code is in 90 days
|
# ? Feb 23, 2017 23:05 |
|
my point was on the initial hour of publicity and aws price surging - you're not spinning up aws instances to generate a collision from scratch within the hour from no code. still that's some really quick turnaround time into working the poc into fun times with html parsing
|
# ? Feb 23, 2017 23:19 |
|
Wiggly Wayne DDS posted:my point was on the initial hour of publicity and aws price surging - you're not spinning up aws instances to generate a collision from scratch within the hour from no code. still that's some really quick turnaround time into working the poc into fun times with html parsing It's not too exciting, he's literally just copy pasted the POC collision into two html documents that are otherwise identical.
|
# ? Feb 23, 2017 23:24 |
|
owns owns owns
|
# ? Feb 23, 2017 23:24 |
|
cloudflare reverse proxies are dumping uninitialized memory: https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
|
# ? Feb 24, 2017 00:02 |
|
Wiggly Wayne DDS posted:cloudflare reverse proxies are dumping uninitialized memory: https://bugs.chromium.org/p/project-zero/issues/detail?id=1139 loving hell quote:We fetched a few live samples, and we observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security.
|
# ? Feb 24, 2017 00:05 |
|
taviso posted:It looked like that if an html page hosted behind cloudflare had a specific combination of unbalanced tags, the proxy would intersperse pages of uninitialized memory into the output loving lol
|
# ? Feb 24, 2017 00:06 |
|
"We've discovered (and purged) cached pages that contain private messages from well-known services, PII from major sites that use cloudflare, and even plaintext API requests from a popular password manager that were sent over https (!!)." Nice, nice
|
# ? Feb 24, 2017 00:07 |
|
quote:Cloudflare pointed out their bug bounty program, but I noticed it has a top-tier reward of a t-shirt.
|
# ? Feb 24, 2017 00:08 |
|
|
# ? Jun 6, 2024 14:40 |
|
anthonypants posted:Needless to say, this did not convey to me that they take the program seriously. Savage
|
# ? Feb 24, 2017 00:10 |