How thorough are the hash breaks, anyway?

Nicholas Bohm nbohm at
Fri Aug 27 06:11:24 EDT 2004

At 16:09 26/08/2004, Trei, Peter wrote:
>Looking over the recent work on hash collisions, one
>thing that struck me was that they all seem to be 
>attacks on known plaintext - the 'plaintexts' which
>collided were very close to each other,  varying in 
>only a few bits. 
>While any weakness is a concern, and I'm not
>going to use any of the compromised algorithms
>in new systems, this type of break seems to be
>of limited utility. 
>It allows you (if you're fortunate) to modify a signed
>message and have the signature still check out. 
>However, if you don't know the original plaintext
>it does not seem to allow you construct a second
>message with the same hash.

 From a lawyer's perspective, it seems worrying that a message into which the word "not" has been inserted might still have the same hash as the original (assuming the hash to be a component of an electronic signature)


Nicholas Bohm

Salkyns, Great Canfield,
Takeley, Bishop’s Stortford CM22 6SX, UK

Phone   01279 871272    (+44 1279 871272)
Fax     020 7788 2198   (+44 20 7788 2198)
Mobile  07715 419728    (+44 7715 419728)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF  

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list