How thorough are the hash breaks, anyway?
Nicholas Bohm
nbohm at ernest.net
Fri Aug 27 06:11:24 EDT 2004
At 16:09 26/08/2004, Trei, Peter wrote:
>[snip]
>Looking over the recent work on hash collisions, one
>thing that struck me was that they all seem to be
>attacks on known plaintext - the 'plaintexts' which
>collided were very close to each other, varying in
>only a few bits.
>
>While any weakness is a concern, and I'm not
>going to use any of the compromised algorithms
>in new systems, this type of break seems to be
>of limited utility.
>
>It allows you (if you're fortunate) to modify a signed
>message and have the signature still check out.
>However, if you don't know the original plaintext
>it does not seem to allow you construct a second
>message with the same hash.
[snip]
From a lawyer's perspective, it seems worrying that a message into which the word "not" has been inserted might still have the same hash as the original (assuming the hash to be a component of an electronic signature)
Regards
Nicholas Bohm
Salkyns, Great Canfield,
Takeley, Bishop’s Stortford CM22 6SX, UK
Phone 01279 871272 (+44 1279 871272)
Fax 020 7788 2198 (+44 20 7788 2198)
Mobile 07715 419728 (+44 7715 419728)
PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint:
9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list