PG vulnerable to the SHA-1 issue?

Discussion in 'ProcessGuard' started by spy1, Feb 17, 2005.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    If so, are you going to switch it over to a different library? Something other than SHA-1 that hasn't been even potentially 'defeated" yet? Pete
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Pete, See your other thread, ProcessGuard uses MD5 and is still fine for doing executables as far as I am aware. :)

    Pilli
     
  3. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    Since the Crypto 2004 Conference, many possible collisions have been announced (MD5, SHA):

    http://www.cryptography.com/cnews/hash.html

    The answer of RSA Labs: http://www.rsasecurity.com/rsalabs/node.asp?id=2738

    I've reported the MD5 vulnerability: https://www.wilderssecurity.com/showthread.php?p=349798

    Now it seems to be the case for SHA-1 (even if the proof of concept has not been published).

    But these vulnerabilities does not mean critical security issue for product using MD5 or SHA-1 algorithms.

    Cracking an MD5 password could take several hours.
    Let's imagine for SHA-1...

    There's surely some worms which could bypass the integrity control of some NIDS/IDS for instance.

    We could increase our defense by using integrity checkers with SHA-1 algoritm or SHA-5 or not.

    In any case, it will be more difficult to bypass the integrity control than a simple password.

    Therefore, i really don't think that i have to worry about a malware which could bypass the integrity protection of my system (Windows, PG or my others softs).
    But we never know..."as far as i am aware".. ;) .
    (................................................................................................)

    Regards
     
Thread Status:
Not open for further replies.