How thorough are the hash breaks, anyway?

Jason Holt jason at
Thu Aug 26 15:59:54 EDT 2004

On Thu, 26 Aug 2004, Trei, Peter wrote:
> While any weakness is a concern, and I'm not
> going to use any of the compromised algorithms
> in new systems, this type of break seems to be
> of limited utility. 
> It allows you (if you're fortunate) to modify a signed
> message and have the signature still check out. 
> However, if you don't know the original plaintext
> it does not seem to allow you construct a second
> message with the same hash.

The Wikipedia article on hashes is pretty good on this topic:

So far, we know that the affected hashes are not collision resistant.  They
may still be at least somewhat one way and second preimage resistant, in which
case systems which only require those properties might still be safe.  But any
system which specifies a secure hash in the general sense would have to come
under very close scrutiny to see if it makes any assumptions at all about
collision resistance.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list