Collisions for hash functions: how to exlain them to your boss
Eric Rescorla
ekr at rtfm.com
Mon Jun 13 17:09:26 EDT 2005
"Weger, B.M.M. de" <b.m.m.d.weger at TUE.nl> writes:
>
> Technically speaking you're correct, they're signing a program.
> But most people, certainly non-techies like Alice's boss,
> view postscript (or MS Word, or <name your favourite document
> format that allows macros>) files not as programs but as static
> data. In being targeted at non-techies I find this attack more
> convincing than those of Mikle and Kaminsky, though essentially
> it's a very similar idea.
>
> Note that opening the postscript files in an ASCII-editor
> (or HEX-editor) immediately reveals the attack. Stefan Lucks
> told me they might be able to obfuscate the postscript code,
> but again this will only fool the superficial auditor.
Yes, this is all true, but it's kind of orthogonal to my point,
which is that if you're willing to execute a program, this
attack can be mounted *without* the ability to produce hash
collisions. The fact that so few people regard PS, HTML, Word,
etc. as software just makes this point that much sharper.
As far as I can tell, the ability fo produce hash collisions just
makes the attack marginally worse.
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list