How thorough are the hash breaks, anyway?
Whyte, William
WWhyte at ntru.com
Tue Aug 31 14:45:29 EDT 2004
My understanding is that once you've used trial division to
get rid of all the extremely short divisors, a random number
of length n is about as hard to factor as an RSA modulus of
the same length. I don't think there are a lot of easy-to-factor
moduli around.
William
> -----Original Message-----
> From: Matt Crawford [mailto:crawdad at fnal.gov]
> Sent: Monday, August 30, 2004 11:47 AM
> To: Ian Grigg
> Cc: Daniel Carosone; crypto
> Subject: Re: How thorough are the hash breaks, anyway?
>
>
> >> certificates. The public key data is public, and it's a "random"
> >> bitpattern where nobody would ever notice a few different bits.
> >> If someone finds a collision for microsoft's windows
> update cert (or a
> >> number of other possibilities), and the fan is well and
> truly buried
> >> in it.
> >
> > Correct me if I'm wrong ... but once finding
> > a hash collision on a public key, you'd also
> > need to find a matching private key, right?
>
> But the odds are that you'd get an easy-to-factor modulus. Would the
> casual relying party ever notice that? I think not.
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at metzdowd.com
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list