Collisions for hash functions: how to exlain them to your boss
Eric Rescorla
ekr at rtfm.com
Mon Jun 13 11:05:00 EDT 2005
Stefan Lucks <lucks at th.informatik.uni-mannheim.de> writes:
> Magnus Daum and myself have generated MD5-collisons for PostScript files:
>
> http://th.informatik.uni-mannheim.de/people/lucks/HashCollisions/
>
> This work is somewhat similar to the work from Mikle and Kaminsky, except
> that our colliding files are not executables, but real documents.
>
> We hope to demonstrate how serious hash function collisions should be
> taken -- even for people without much technical background. And to help
> you, to explain these issues
>
> - to your boss or your management,
> - to your customers,
> - to your children ...
While this is a clever idea, I'm not sure that it means what you imply
it means. The primary thing that makes your attack work is that the
victim is signing a program which he is only able to observe mediated
through his viewer. But once you're willing to do that, you've got a
problem even in the absence of collisions, because it's easy to write
a program which shows different users different content even if you
without hash collisions. You just need to be able to write
conditionals.
For more, including an example, see:
http://www.educatedguesswork.org/movabletype/archives/2005/06/md5_collisions.html
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list