How thorough are the hash breaks, anyway?

Jason Holt jason at lunkwill.org
Thu Aug 26 15:59:54 EDT 2004


On Thu, 26 Aug 2004, Trei, Peter wrote:
> While any weakness is a concern, and I'm not
> going to use any of the compromised algorithms
> in new systems, this type of break seems to be
> of limited utility. 
> 
> It allows you (if you're fortunate) to modify a signed
> message and have the signature still check out.
> However, if you don't know the original plaintext
> it does not seem to allow you to construct a second
> message with the same hash.

The Wikipedia article on hashes is pretty good on this topic:

http://en.wikipedia.org/wiki/Cryptographic_hash_function

So far, we know that the affected hashes are not collision resistant.  They
may still be at least somewhat one way and second preimage resistant, in which
case systems which only require those properties might still be safe.  But any
system which specifies a secure hash in the general sense would have to come
under very close scrutiny to see if it makes any assumptions at all about
collision resistance.

						-J
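The distinction drawn above (collision resistance versus second-preimage resistance, and why a collision-only break is of "limited utility" against messages the attacker did not author) can be made concrete with a small experiment. The following Python is an added example, not part of the original thread or any of the broken hash functions; it uses a constructed toy hash (the first 24 bits of SHA-256) so that the birthday search completes instantly, and a toy hash-then-sign scheme built on HMAC to stand in for a real signature. Message strings, key bytes and search budgets are all constructed for illustration.

```python
import hashlib
import hmac

# Toy hash constructed for this example: the first 3 bytes (24 bits) of
# SHA-256. It is deliberately tiny so that a birthday search finishes in
# well under a second; real hashes are 128 bits or more.
DIGEST_BYTES = 3
DIGEST_BITS = DIGEST_BYTES * 8


def toy_hash(msg: bytes) -> bytes:
    return hashlib.sha256(msg).digest()[:DIGEST_BYTES]


# Stand-in for hash-then-sign: the signer authenticates only the digest,
# under a key the attacker never learns. That is exactly why a collision
# transfers a valid signature from one message to another.
def sign(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, toy_hash(msg), "sha256").digest()


def verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)


def find_collision(prefix_a: bytes, prefix_b: bytes, limit: int = 1 << 20):
    """Collision search: the attacker authors BOTH messages and varies a
    counter in each until two digests coincide. Expected cost is about
    2**(n/2) hashes (the birthday bound), roughly 4096 per side here.
    Returns (message_a, message_b) or None if the budget runs out."""
    seen_a = {}
    seen_b = {}
    for i in range(limit):
        tag = str(i).encode()
        ma = prefix_a + tag
        ha = toy_hash(ma)
        if ha in seen_b:
            return ma, seen_b[ha]
        seen_a[ha] = ma
        mb = prefix_b + tag
        hb = toy_hash(mb)
        if hb in seen_a:
            return seen_a[hb], mb
        seen_b[hb] = mb
    return None


def find_second_preimage(target: bytes, prefix: bytes, limit: int):
    """Second-preimage search: the target message was fixed by someone
    else, so the attacker must hit one specific digest. Expected cost is
    about 2**n hashes (about 16.7 million for 24 bits), so a budget sized
    for the birthday attack almost always runs out.
    Returns (message_or_None, tries_used)."""
    want = toy_hash(target)
    for i in range(limit):
        candidate = prefix + str(i).encode()
        if candidate != target and toy_hash(candidate) == want:
            return candidate, i + 1
    return None, limit


if __name__ == "__main__":
    key = b"signer-secret-key-constructed"
    # The attacker prepares a harmless message and a malicious twin with
    # the same toy digest, then has only the harmless one signed.
    harmless, malicious = find_collision(b"pay 10 to alice #",
                                         b"pay 10000 to mallory #")
    sig = sign(key, harmless)
    print("colliding pair:", harmless, malicious)
    print("signature on harmless verifies on malicious:",
          verify(key, malicious, sig))
    # Against a message the attacker did NOT author, the same budget fails.
    found, tries = find_second_preimage(b"pay 10 to alice #0",
                                        b"forgery #", limit=20_000)
    print("second preimage after", tries, "tries:", found)
```

Running it shows the two sides of the argument: a pair of attacker-chosen messages sharing a digest turns up after a few thousand hashes and the signature on one verifies on the other, while a second preimage for a message fixed in advance is not found within the same budget. A system that only signs or stores hashes of data the attacker cannot influence before signing depends on the second property, not the first, which is the scrutiny the message above calls for.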

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com