kernel.org compromised

Posted Sep 1, 2011 0:02 UTC (Thu) by dlang (guest, #313)
In reply to: kernel.org compromised by daney
Parent article: kernel.org compromised

given the large numbers of researchers working on looking for weaknesses, and the publicity that comes from even a slight weakening of it, there is no reason to believe that is has been broken.

yes, it's always possible that there is some black hat out there that has broken it and not told anyone about it, but this is extremely unlikely (the black hat could get rich by just publishing this data, no need to do anything more with it)

In any case, I'm pretty sure that the kernel.org team is going to be double-checking everything by using multiple checksum/hash algorithms and the odds of all of them being able to be bypassed is vanishingly slim

to post comments

kernel.org compromised

Posted Sep 1, 2011 0:53 UTC (Thu) by lutchann (subscriber, #8872) [Link] (1 responses)

> the black hat could get rich by just publishing this data, no need to do anything more with it

Famous, yes, but rich? I suppose you could get a new job with a sexy title and a fat salary, but you'd probably make more money more quickly by keeping your technique a secret and selling it to somebody.

value of zero day versus public reputation

Posted Sep 2, 2011 12:04 UTC (Fri) by copsewood (subscriber, #199) [Link]

Whoever would pay you to keep a SHA1 crack as a zero day vulnerability would have to pay more than the value of all the book sales and conference keynote speech fees. Also the kind of organisations who would want you to keep this secret are likely to be more difficult to negotiate with and dangerous to your health if negotiations go wrong than book publishers and conference organisers.