The Last HITB Security Conference in Malaysia

Hands-on Technical Trainings - 13th & 14th October

http://conference.hitb.org/hitbsecconf2014kul/#tile_schedule

Triple-Track Conference - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/conference-speakers/

 

Capture the Flag - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/capture-the-flag/

HackWEEKDAY - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/hackweekday/

CommSec Village - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/commsec-village/

REGISTER ONLINE NOW

Crypto collisions cause denial of service in major hashes

http://cdn.i.haymarket.net.au/Utils/ImageResizer.ashx?n=http%3a%2f%2fi.haymarket.net.au%2fNews%2fcryptography+crypto+security+PKI+encryption.jpg&h=600&w=800&c=0

Denial of service vulnerabilities have been found in cryptographic systems underpinning host of web applications including those offered by Google, Microsoft, Yahoo and those based on Java among scores of others.

The attacks target weaknesses in the hash algorithms that permit multiple hash collisions to take place. This can quickly overload any application using a vulnerable hash algorithm.

The popular MurmurHash algorithm was found vulnerable to the attacks, along with a hash used by Python, Google's CityHash and likely Microsoft's .Net Marvin32 hash which appeared not to be “built with security in mind”, according to the research trio behind the work.  Problems occurred when hash algorithms did not evenly distribute strings causing link lists to become long and making hash tables slow.

Tags: