Collisions for hash functions: how to exlain them to your boss

Eric Rescorla ekr at rtfm.com
Mon Jun 13 11:05:00 EDT 2005


Stefan Lucks <lucks at th.informatik.uni-mannheim.de> writes:
> Magnus Daum and myself have generated MD5-collisons for PostScript files:
>
>   http://th.informatik.uni-mannheim.de/people/lucks/HashCollisions/
>
> This work is somewhat similar to the work from Mikle and Kaminsky, except 
> that our colliding files are not executables, but real documents. 
>
> We hope to demonstrate how serious hash function collisions should be 
> taken -- even for people without much technical background. And to help 
> you, to explain these issues 
>
>   - to your boss or your management,
>   - to your customers,
>   - to your children ...

While this is a clever idea, I'm not sure that it means what you imply
it means. The primary thing that makes your attack work is that the
victim is signing a program which he is only able to observe mediated
through his viewer. But once you're willing to do that, you've got a
problem even in the absence of collisions, because it's easy to write
a program which shows different users different content even if you
without hash collisions. You just need to be able to write
conditionals.

For more, including an example, see:
http://www.educatedguesswork.org/movabletype/archives/2005/06/md5_collisions.html

-Ekr




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list