home.social

#sha3 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #sha3, aggregated by home.social.

  1. MD6 - The Failed SHA-3 Hash You Likely Never Heard Of

    While MD6 never made it into NIST as SHA-3, it has recently made its way into a few hash cracking contests.

    After a suggestion from Vavaldi from HashMob to add MD6 support to hashgen, I began working on a Pure Go MD6 port. Once that was complete, I added support for 5x common MD6 digest sizes to hashgen.

    MD6 - Pure Go port
    github.com/cyclone-github/md6

    hashgen v1.3.1 - MD6 support
    github.com/cyclone-github/hash

    #md6 #nist #sha3 #hashcracking #hashgen #cmiyc #ctc #golang #port

  5. CW: research review

    N. Mouha and C. Celi, "A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithms"¹

    This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective. First, we provide Python and PHP scripts that cause segmentation faults when vulnerable versions of the interpreters are used. Then, we show how this vulnerability can be used to construct second preimages and preimages for the implementation, and we provide a specially constructed file that, when hashed, allows the attacker to execute arbitrary code on the victim's device. The vulnerability applies to all hash value sizes, and all 64-bit Windows, Linux, and macOS operating systems, and may also impact cryptographic algorithms that require SHA-3 or its variants, such as the Edwards-curve Digital Signature Algorithm (EdDSA) when the Edwards448 curve is used. We introduce the Init-Update-Final Test (IUFT) to detect this vulnerability in implementations.

    #ResearchPapers #IACR #Cryptanalysis #CVE202237454 #SHA3 #Keccak #HashFunction #Vulnerability
    __
    ¹ eprint.iacr.org/2023/331

  9. Secure Ancestor Checking with Cryptographic Hashes

    When building your own family trees, there is often a wish to search other data sets for family members. The problem, however, is that personal data then has to be sent to others.

    schegge.de/2023/03/sichere-ahn

    #Algorithmen #BestPractices #Design-Pattern #Java #Web #SHA #SHA3-256

  10. With full joy I will be talking in #LibrePlanet 2023 about a free system for cataloguing challenging museum-libraries items like manuscripts and books with dedication/marginalia.

    libreplanet.org/2023/program/

    @fsf #FreeSoftwareFoundation #FreeSoftware #MESICON #LAMP #Linux #Apache #MySQL #PHP #SHA3

  15. So, does #GPG support #SHA3 yet? I have code stashed to enable SHA3 support in APT, but w/o GPG support it makes no sense to rush this through for #ubuntu 20.04.