PlayStation 3 predicts next US president
James A. Donald
jamesd at echeque.com
Sat Dec 1 20:25:50 EST 2007
William Allen Simpson wrote:
> Weger, B.M.M. de wrote:
>> See http://www.win.tue.nl/hashclash/Nostradamus if
>> you want to know the details of what this has to do
>> with cryptography.
> It always bothers me as these things are announced,
> but are based on presumptions that have absolutely no
> relevance in the real world....
> Therefore, nothing to do with cryptography (which is
> not a parlor trick).
>> This implies a vulnerability in software integrity
>> protection and code signing schemes that still use
>> MD5. See
>> http://www.win.tue.nl/hashclash/SoftIntCodeSign for
> There is no such MD5 vulnerability implied. As the
> paper itself states:
> In cryptographic terms: our attack is an attack on
> collision resistance, not on preimage or second
> preimage resistance. This implies that both
> colliding files have to be specially prepared by the
> attacker, before they are published on a download
> site or presented for signing by a code signing
> scheme. Existing files with a known hash that have
> not been prepared in this way are not vulnerable.
> Since this "attack" requires the certifier be
> compromised, the attacker could also modify the
> program data itself undetectably. That is, this
> theoretical problem actually is more effort than the
> obvious attack!
This attack does not require the certifier to be
The attack was to generate a multitude of predictions
for the US election, each of which has the same MD5
hash. If the certifier certifies any one of these
predictions, the recipient can use the certificate for
any one of these predictions.
> In summary, there are exactly zero instances where
> this use of MD5 would actually present a
This attack renders MD5 entirely worthless for any use
other than as an error check like CRC - and CRC does it
better and faster.
The Cryptography Mailing List
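Added example, not part of the original message or of the HashClash work: a sketch of why a hash-then-sign certificate covers every document that shares the certified digest, which is the point the reply above makes about the colliding predictions. Assumptions: SHA-256 truncated to 24 bits stands in for a hash without collision resistance, a brute-force birthday search stands in for the paper's collision technique, HMAC stands in for the certifier's signature, and the candidate names and key are constructed.

```python
import hashlib
import hmac
from itertools import count

CERTIFIER_KEY = b"constructed demo key"  # stand-in for the certifier's signing key

def weak_digest(doc):
    # Assumption: a 24-bit truncation models a hash with broken collision resistance.
    return hashlib.sha256(doc).digest()[:3]

def strong_digest(doc):
    return hashlib.sha256(doc).digest()

def certify(doc, digest):
    # Hash-then-sign: the certifier authenticates the digest, never the document itself.
    return hmac.new(CERTIFIER_KEY, digest(doc), hashlib.sha256).digest()

def verify(doc, cert, digest):
    return hmac.compare_digest(certify(doc, digest), cert)

def prediction(name, n):
    # Constructed sample document; the trailing reference field is free filler.
    return f"The next US president will be {name}. [ref {n}]".encode()

def colliding_predictions(digest):
    # Vary the filler until a "Candidate A" and a "Candidate B" text share a digest.
    seen = {}
    for n in count():
        a = prediction("Candidate A", n)
        seen[digest(a)] = a
        b = prediction("Candidate B", n)
        if digest(b) in seen:
            return seen[digest(b)], b

def demo():
    doc_a, doc_b = colliding_predictions(weak_digest)
    weak_cert = certify(doc_a, weak_digest)      # the certifier only ever sees doc_a
    strong_cert = certify(doc_a, strong_digest)
    return {
        "distinct": doc_a != doc_b,
        "weak_accepts_a": verify(doc_a, weak_cert, weak_digest),
        "weak_accepts_b": verify(doc_b, weak_cert, weak_digest),        # certificate transfers
        "strong_accepts_b": verify(doc_b, strong_cert, strong_digest),  # certificate does not
    }

if __name__ == "__main__":
    print(demo())
```

The certifier's key is never exposed and the certifier signs honestly; the certificate transfers only because both texts were prepared in advance to share a digest.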