Collisions for hash functions: how to exlain them to your boss
Weger, B.M.M. de
b.m.m.d.weger at TUE.nl
Mon Jun 13 15:53:04 EDT 2005
Hi Eric,
Technically speaking you're correct, they're signing a program.
But most people, certainly non-techies like Alice's boss,
view postscript (or MS Word, or <name your favourite document
format that allows macros>) files not as programs but as static
data. In being targeted at non-techies I find this attack more
convincing than those of Mikle and Kaminsky, though essentially
it's a very similar idea.
Note that opening the postscript files in an ASCII-editor
(or HEX-editor) immediately reveals the attack. Stefan Lucks
told me they might be able to obfuscate the postscript code,
but again this will only fool the superficial auditor.
Grtz,
Benne
=========================================
Technische Universiteit Eindhoven
Coding & Crypto Groep
Faculteit Wiskunde en Informatica
Den Dolech 2
Postbus 513
5600 MB Eindhoven
kamer HG 9.84
tel. (040) 247 2704, bgg 5141
e-mail: b.m.m.d.weger at tue.nl
www: http://www.win.tue.nl/~bdeweger
=========================================
> -----Original Message-----
> From: owner-cryptography at metzdowd.com
> [mailto:owner-cryptography at metzdowd.com] On Behalf Of Eric Rescorla
> Sent: maandag 13 juni 2005 17:05
> To: Stefan Lucks
> Cc: cryptography at metzdowd.com
> Subject: Re: Collisions for hash functions: how to exlain
> them to your boss
>
> Stefan Lucks <lucks at th.informatik.uni-mannheim.de> writes:
> > Magnus Daum and myself have generated MD5-collisons for
> PostScript files:
> >
> > http://th.informatik.uni-mannheim.de/people/lucks/HashCollisions/
> >
> > This work is somewhat similar to the work from Mikle and
> Kaminsky, except
> > that our colliding files are not executables, but real documents.
> >
> > We hope to demonstrate how serious hash function collisions
> should be
> > taken -- even for people without much technical background.
> And to help
> > you, to explain these issues
> >
> > - to your boss or your management,
> > - to your customers,
> > - to your children ...
>
> While this is a clever idea, I'm not sure that it means what you imply
> it means. The primary thing that makes your attack work is that the
> victim is signing a program which he is only able to observe mediated
> through his viewer. But once you're willing to do that, you've got a
> problem even in the absence of collisions, because it's easy to write
> a program which shows different users different content even if you
> without hash collisions. You just need to be able to write
> conditionals.
>
> For more, including an example, see:
> http://www.educatedguesswork.org/movabletype/archives/2005/06/
> md5_collisions.html
>
> -Ekr
>
>
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at metzdowd.com
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list