Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
I think you meant to say SHA-1 collition, that is the one that was found this year, SHA-2 hasnt being "broken" yet last time I checked
https://youtube.com/watch/... -
But then again if you were targetted by someone with that amount of power, they could simply DDoS you constantly, that is assuming you didnt bother salting at least your hashes if you arent using any of the other hashing algos
-
teequila6807y@notcool Yes, correct, it was SHA-1.
I don‘t think, that he did that on purpose. Only after a few minutes of thinking, the idea was born, that we already have an collision in the moodle
system 😃
Related Rants
This semester, we have a lecture called IT Security by a guy, who absolutely know his subject.
Nevertheless, he wanted to show us that sha256 is broken by an existing collision. (Google that, fellow ranters!)
There are two pdf files by google researchers, that show the caption „SHAttered“ both on different backgrounds, although they give the same SHA-hash.
He then tried to share us these two files by moodle and wondered, why he uploaded the same file twice.
Guess what happened? The moodle backend checks new uploaded files for their ... hash ... and then decides, weather to upload or the file is already existing. So, it did just a new symlink to the old file.
Ironic, that an exercise, that should show us sha collision failures on sha collision 😃
rant
itsec
storytime
shattered