[TYPO3-core] RFC: #10201: Duplicate cHash Values
Dmitry Dulepov
dmitry.dulepov at gmail.com
Mon Sep 7 21:29:01 CEST 2009
Hi!
Marcus Krause wrote:
> Regarding full md5 hashes for cHash, there's (currently) no way to get
> hold of the encryption key. Basis for it would be successful preimage
> attacks for md5 (although it's not classical preimage problem). Such
> attacks are not known to be succeeded for md5 (yet).
+1. I think it will not be worth the time to find the encryption key by trying to encode all possible combinations of query string with the encryption key to md5. Using rainbow tables is not possible in this case due to a good randomness of the encryption key. Therefore we are safe unless hackers got access to the TRANSLTR from Dan Brown's "Digital Fortress" :)
--
Dmitry Dulepov
Facebook: http://www.facebook.com/dmitryd
Twitter: http://twitter.com/dmitryd
Skype: liels_bugs
More information about the TYPO3-team-core
mailing list