If the MD5 I download matches the MD5 of the distribution's website, does that mean the file has not been tampered with?

MD5 does have known attacks on it, so it's not as good as something like SHA-1. For something like verifying if you have the correct file, MD5 is ok. Where MD5 is sort of not ok is if you use it for stored password hashes. Websites and such typically don't want to store your password, but a hash of it - and then compare the password you enter to log in with a hash. In this way, they don't know your password. However, if a hacker gets a list of accounts with these hashes, they may be able to generate a password that, when put through MD5, generates the same hash (this is called a hash collision). I'm not sure how any of this works, really, just that with MD5, hash collisions are possible and easier than they've been in the past.

Bittorrent uses SHA-1 to "know" what file it's downloading and whether pieces that peers trade are good or not. So that a malicious peer could inject bad data in the swarm is unlikely - even if one peer knew how to break SHA-1, most other peers would have to cooperate as well. You can be relatively confident that no one on the Bittorrent swarm can corrupt the download, assuming you have the correct .torrent file and it hasn't been maliciously modified to point to a different tracker or the hashes in it modified.

I use md5 a lot in my everyday sysadmin work so I did a lot of research on security issues. Found some great links on it and also summed up security concerns and uses of hashes in a blog post. The gist of it: three main things to consider:

1) It is possible for two different files to have the same hash. In their findings, both files need to be created by the attacker, i.e. the creator of the files.

2) Also the hash cannot be targeted. You cannot find a hash and then design a file to match that hash.