[Snort-sigs] False possitives on "MYSQL client authentication bypass attempt"

Jamie Riden jamie.riden at ...2420...
Thu Aug 2 10:47:57 EDT 2007


On 02/08/07, Christiaan Ehlers <Christiaan.Ehlers at ...3312...> wrote:
>
> Not sure if it is normal for a SHA1 to have a start byte of |00|?? Anybody
> know about this?

I think that in an ideal hash, any byte has a 1 in 256 probability of
being 0x00. ie. the output should be as unpredictable as possible.
SHA1 should be pretty close to ideal in this regard.

cheers,
 Jamie
-- 
Jamie Riden / jamesr at ...3216... / jamie at ...3294...
UK Honeynet Project: http://www.ukhoneynet.org/




More information about the Snort-sigs mailing list