Tag Archives: md5

Yahoo! 的資料外洩數量超過之前公佈的十億筆,上升到三十億筆

Oath (Y! 的新東家,Verizon 持股) 發表了新的通報,外洩數量直接上升到 3 billion 了:「Yahoo provides notice to additional users affected by previously disclosed 2013 data theft」。 也就是當時所有的使用者都受到影響: Subsequent to Yahoo's acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following … Continue reading

Posted in Computer, Murmuring, Network, Privacy, Security|Tagged , , , , , , , , , , |Leave a comment

歡樂的 md5crypt 密碼...

作者寫了一篇關於以前在 WHOIS 記錄上看到一串 $1$ 開頭的 md5crypt 密碼 XDDD:「I mean, why not tell everyone our password hashes?」。 Now the fields are filtered but this is a reasonably recent change. Prior to July 2015 the hashed passwords were shown to anyone who … Continue reading

Posted in Computer, Murmuring, Network, Security|Tagged , , , , , , , , , , |Leave a comment

用 Amazon EC2 的 GPU instance 計算 MD5 collision

在「Create your own MD5 collisions」這篇教你用 Amazon EC2 的 GPU instance 計算 MD5 collision。 由於不是什麼正式的服務,文章裡介紹你用 Spot instance 開機器,會便宜不少。可以看到最後的結果: 在文後也把兩張圖都附上來讓大家確認,抓下來後也可以確認: gslin@GSLIN-DESKTOP [~/tmp] [13:16/W3] md5sum *.jpg 253dd04e87492e4fc3471de5e776bc3d plane.jpg 253dd04e87492e4fc3471de5e776bc3d ship.jpg 屬於 chosen prefix collision 的攻擊。

Posted in AWS, Cloud, Computer, Murmuring, Network, Security, Software|Tagged , , , , , , , , , |Leave a comment

htpasswd 的 SHA 不會帶 salt (seed)...

剛剛發現 htpasswd (Apache 的 .htpasswd 檔案產生程式) 提供的 SHA-1 不會使用 salt,不過 MD5 格式會... 以密碼「test」測試: gslin@colo-p [~] [17:44/W7] touch test.txt gslin@colo-p [~] [17:44/W7] htpasswd -b -m test.txt test1 test Adding password for user test1 gslin@colo-p [~] [17:44/W7] htpasswd -b -m test.txt test2 … Continue reading

Posted in Computer, Murmuring, Network, Security, Software, WWW|Tagged , , , , , , , , , |Leave a comment

FreeBSD Ports System 拿掉 MD5 檢查了...

在「MD5 for distinfo has been deprecated」這邊看到 FreeBSD Ports System 拿掉 MD5 檢查了 (會被忽略而不檢查)。 PR (Problem Report) 可以在「ports/149657: [bsd.port.mk] deprecate MD5 checksums in distinfo」查到。 翻了 cvs log,SHA256 是五年前 (2005) 加到 bsd.ports.mk 的:「Diff for /ports/Mk/bsd.port.mk between versions 1.517 and 1.518」,總算在今天把 MD5 取代了:「Diff … Continue reading

Posted in Computer, FreeBSD, Murmuring, OS, Security, Software|Tagged , , , , , |Leave a comment