How thorough are the hash breaks, anyway?

David Honig dahonig at cox.net
Thu Aug 26 17:14:53 EDT 2004


At 11:09 AM 8/26/04 -0400, Trei, Peter wrote:
>[Disclaimer: I've never claimed to be a mathematician, nor even a
>cryptographer: my business card says 'cryptoengineer'. I've always
>tried more to understand how to properly use cryptographic
>primitives than to understand the deep theory of their construction.
>I go to people who know the theory when I have a question, 
>and they come to me when they need something designed and 
>built correctly and well.]

"Security Engineer", according to Schneier...

>Looking over the recent work on hash collisions, one
>thing that struck me was that they all seem to be 
>attacks on known plaintext - the 'plaintexts' which
>collided were very close to each other, varying in
>only a few bits.
>
>While any weakness is a concern, and I'm not
>going to use any of the compromised algorithms
>in new systems, this type of break seems to be
>of limited utility. 
>
>It allows you (if you're fortunate) to modify a signed
>message and have the signature still check out. 
>However, if you don't know the original plaintext
>it does not seem to allow you construct a second
>message with the same hash.

A canonical example of where a MAC is used is in
sending a contract, where the Adversary wants to change
the amount of a particular field, eg a money-value.
The contract (eg, stock transactions) itself is not
encrypted.

In these rare (toy?) instances (of integrity but not confidentiality)
the plaintext is available.  So a MAC-attack makes the 
"irrefutability" assurance it provides into toast.

By encrypting the message you make it much harder.


PS: The NIST has a CDROM of hashes of "common" files so
that forensics types can ignore them.  (Or if they're stego
programs, notice them..)  That CDROM uses
multiple algorithms ---for each file there is an MD5, SHA-1,
etc. hash.  Rather hard to find collisions for multiple
algorithms :-) although polymorphism can move a program
from "suspect" to "unknown".

=================================================
36 Laurelwood Dr
Irvine CA 92620-1299

VOX: (714) 544-9727 (home) mnemonic: P1G JIG WRAP

ICBM: -117.7621, 33.7275
HTTP: http://68.5.216.23:81 (back up, but not 99.999% reliable)
PGP PUBLIC KEY: by arrangement

Send plain ASCII text not HTML lest ye be misquoted

------

"Don't 'sir' me, young man, you have no idea who you're dealing with"
Tommy Lee Jones, MIB

----

No, you're not 'tripping', that is an emu ---Hank R. Hill

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
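The postscript describes a reference set that records several different hashes (MD5, SHA-1, and so on) for each known file, so that a forensic examiner can skip common files and flag known stego tools, and it notes that a polymorphic variant drops from "suspect" to merely "unknown". The following is an added example, not code from the original post or from NIST, that shows the mechanics of such a set: the known files, their dispositions and the algorithm list are all constructed here, and a file only counts as known when every digest agrees, so a collision in one algorithm alone does not let an unknown file pass as a known one.

```python
import hashlib

# Constructed stand-ins for entries in a multi-algorithm reference hash set
# like the NIST CDROM the post describes (example data, not NIST's).  Each
# known file is hashed with several algorithms, and a candidate is only
# "known" if every one of those digests matches.
KNOWN_FILES = {
    "editor.exe": b"constructed bytes of a widely installed, benign program\n",
    "hidetool.exe": b"constructed bytes of a known steganography tool\n",
}
# How an examiner treats a match: common files are skipped, stego tools flagged.
DISPOSITION = {"editor.exe": "ignore", "hidetool.exe": "notice"}

ALGORITHMS = ("md5", "sha1", "sha256")


def digests(data: bytes) -> dict:
    """Hash data with every algorithm in the set, as the reference set does."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def build_reference_set(files: dict) -> dict:
    """Index known files by the tuple of all their digests.

    Keying on the full tuple means a collision in any single algorithm is not
    enough to impersonate a known file: the remaining digests must match too.
    """
    return {tuple(digests(data)[alg] for alg in ALGORITHMS): name
            for name, data in files.items()}


def classify(data: bytes, reference: dict, disposition: dict) -> str:
    """Return the disposition for a known file, or 'unknown' otherwise."""
    key = tuple(digests(data)[alg] for alg in ALGORITHMS)
    name = reference.get(key)
    return disposition[name] if name is not None else "unknown"


def per_algorithm_matches(data: bytes, files: dict) -> dict:
    """For each known file, report which algorithms agree with the candidate.

    A genuine match returns every algorithm.  A single-algorithm collision
    would show up as a partial set, which an examiner can treat as suspicious
    rather than as a known file.
    """
    candidate = digests(data)
    return {name: {alg for alg in ALGORITHMS if digests(known)[alg] == candidate[alg]}
            for name, known in files.items()}


def mutate_one_byte(data: bytes) -> bytes:
    """Flip one bit of the first byte: the 'polymorphism' the post mentions,
    which moves a flagged tool into the 'unknown' bucket."""
    return bytes([data[0] ^ 0x01]) + data[1:]


if __name__ == "__main__":
    reference = build_reference_set(KNOWN_FILES)
    samples = [
        ("editor", KNOWN_FILES["editor.exe"]),
        ("stego tool", KNOWN_FILES["hidetool.exe"]),
        ("mutated stego tool", mutate_one_byte(KNOWN_FILES["hidetool.exe"])),
    ]
    for label, blob in samples:
        print(f"{label}: {classify(blob, reference, DISPOSITION)}")
        print("  per-algorithm agreement:", per_algorithm_matches(blob, KNOWN_FILES))
```

The per-algorithm view is the useful defensive addition: a full match on every algorithm supports the "ignore" decision, while agreement on only one algorithm is itself worth a look rather than being treated as a match.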