How thorough are the hash breaks, anyway?
David Honig
dahonig at cox.net
Thu Aug 26 17:14:53 EDT 2004
At 11:09 AM 8/26/04 -0400, Trei, Peter wrote:
>[Disclaimer: I've never claimed to be a mathematician, nor even a
>cryptographer: my business card says 'cryptoengineer'. I've always
>tried more to understand how to properly use cryptographic
>primitives than to understand the deep theory of their construction.
>I go to people who know the theory when I have a question,
>and they come to me when they need something designed and
>built correctly and well.]
"Security Engineer", according to Schneier...
>Looking over the recent work on hash collisions, one
>thing that struck me was that they all seem to be
>attacks on known plaintext - the 'plaintexts' which
>collided were very close to each other, varying in
>only a few bits.
>
>While any weakness is a concern, and I'm not
>going to use any of the compromised algorithms
>in new systems, this type of break seems to be
>of limited utility.
>
>It allows you (if you're fortunate) to modify a signed
>message and have the signature still check out.
>However, if you don't know the original plaintext
>it does not seem to allow you to construct a second
>message with the same hash.
A canonical example of where a MAC is used is in
sending a contract, where the Adversary wants to change
the amount of a particular field, e.g., a money value.
The contract (e.g., stock transactions) itself is not
encrypted.
In these rare (toy?) instances (of integrity but not confidentiality)
the plaintext is available. So a MAC-attack makes the
"irrefutability" assurance it provides into toast.
By encrypting the message you make it much harder.
PS: The NIST has a CD-ROM of hashes of "common" files so
that forensics types can ignore them. (Or if they're stego
programs, notice them.) That CD-ROM uses
multiple algorithms: for each file there is an MD5, SHA-1,
etc. hash. Rather hard to find collisions for multiple
algorithms :-) although polymorphism can move a program
from "suspect" to "unknown".
=================================================
36 Laurelwood Dr
Irvine CA 92620-1299
VOX: (714) 544-9727 (home) mnemonic: P1G JIG WRAP
ICBM: -117.7621, 33.7275
HTTP: http://68.5.216.23:81 (back up, but not 99.999% reliable)
PGP PUBLIC KEY: by arrangement
Send plain ASCII text not HTML lest ye be misquoted
------
"Don't 'sir' me, young man, you have no idea who you're dealing with"
Tommy Lee Jones, MIB
----
No, you're not 'tripping', that is an emu ---Hank R. Hill
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
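An added example, not from the original message or from either author, illustrating the hash-then-sign point in the exchange above with the MD5 collision pair that Wang, Feng, Lai and Yu published in August 2004. The trailer bytes, the signing key and the HMAC-based stand-in for a public-key signature are constructed assumptions for the demonstration, and the helper names are hypothetical. The script checks that the two 128-byte inputs differ yet collide under MD5, that they still collide after the same suffix is appended (so a signature computed over the MD5 digest of one version verifies for the other), and that neither SHA-1 nor HMAC-MD5 with a secret key is fooled by this particular pair.

```python
import hashlib
import hmac

# Added example, not part of the original message. The two 128-byte inputs
# below are the MD5 collision pair published by Wang, Feng, Lai and Yu at the
# CRYPTO 2004 rump session; they differ in six bytes yet share an MD5 digest.
M0 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed stand-in for the rest of a contract. MD5 is an iterated
# (Merkle-Damgard) hash, so appending the same suffix to both members of a
# colliding pair keeps them colliding.
TRAILER = b"\n-- contract text shared by both versions --\n"

# Constructed signing key for the hash-then-sign stand-in below (not secret).
SIGNING_KEY = b"demo-signing-key-not-secret"


def differing_bytes(a: bytes, b: bytes) -> list:
    """Offsets at which two equal-length byte strings differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def sign_md5_then_sign(key: bytes, message: bytes) -> bytes:
    """Stand-in for a hash-then-sign signature (e.g. RSA over an MD5 digest):
    the signature depends on the message only through its MD5 digest.
    HMAC-SHA256 over that digest plays the role of the public-key primitive."""
    digest = hashlib.md5(message).digest()
    return hmac.new(key, digest, hashlib.sha256).digest()


def verify_md5_then_sign(key: bytes, message: bytes, signature: bytes) -> bool:
    """Recompute the stand-in signature and compare in constant time."""
    return hmac.compare_digest(sign_md5_then_sign(key, message), signature)


def hmac_md5(key: bytes, message: bytes) -> bytes:
    """A real keyed MAC: HMAC-MD5. The secret key is mixed in before the
    message, so the chaining value the collision was built for never occurs."""
    return hmac.new(key, message, hashlib.md5).digest()


def collision_report() -> dict:
    """Check every property the example relies on and return the results."""
    c0, c1 = M0 + TRAILER, M1 + TRAILER
    sig = sign_md5_then_sign(SIGNING_KEY, c0)  # the signer only ever saw c0
    return {
        "inputs_differ": M0 != M1,
        "diff_offsets": differing_bytes(M0, M1),
        "md5_collides": hashlib.md5(M0).digest() == hashlib.md5(M1).digest(),
        "md5_collides_with_suffix": hashlib.md5(c0).digest() == hashlib.md5(c1).digest(),
        "sha1_collides": hashlib.sha1(c0).digest() == hashlib.sha1(c1).digest(),
        "signature_transfers": verify_md5_then_sign(SIGNING_KEY, c1, sig),
        "hmac_md5_collides": hmac_md5(SIGNING_KEY, c0) == hmac_md5(SIGNING_KEY, c1),
    }


if __name__ == "__main__":
    for name, value in collision_report().items():
        print(f"{name}: {value}")
```

The six differing offsets fall inside message words 4, 11 and 14 of each 64-byte block, which is where the published differential places its bit flips; the attacker controls neither their position nor their value, which is why this pair is a random-looking blob rather than a contract with a different amount. The keyed-MAC check shows the other half of the picture: because HMAC feeds the secret key into the compression function before the message, the collision built for MD5's fixed initial value does not carry over to HMAC-MD5.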