PlayStation 3 predicts next US president
William Allen Simpson
william.allen.simpson at gmail.com
Sun Dec 2 11:51:24 EST 2007
Weger, B.M.M. de wrote:
>> The parlor trick demonstrates a weakness of the pdf format, not MD5.
>
> I disagree. We could just as easily have put the collision blocks
> in visible images.
Parlor trick.
> ... We could just as easily have used MS Word
> documents, or any document format in which there is some way
> of putting a few random blocks somewhere nicely.
Parlor trick.
> ... We say so on
> the website. We did show this hiding of collisions for other data
> formats, such as X.509 certificates
More interesting. Where on your web site? I've long abhorred the
X.509 format, and was a supporter of a more clean alternative.
> ... and for Win32 executables.
>
Parlor trick.
So far, all the things you mention require the certifier to be suborned.
> Our real work is chosen-prefix collisions combined with
> multi-collisions. This is crypto, it has not been done before,
Certainly it was done before! We talked about it more than a decade ago.
We knew that what was "computationally infeasible" would become feasible.
Every protocol I've designed or formally reviewed is protected against the
chosen prefix attack. (To qualify, where I had final say. I've reviewed
badly designed protocols, such as IKE/ISAKMP. And I've been overruled by
committee from time to time....)
What *would* be crypto is the quantification of where MDx currently falls
on the computational spectrum.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
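The protection Simpson alludes to (a protocol that is immune to a chosen-prefix collision because the signer, not the submitter, controls part of the hashed input) can be shown in a few lines. The following is an added illustration, not code from this thread or from the Stevens/Lenstra/de Weger work. It assumes a toy hash (MD5 truncated to 24 bits, so a birthday search finds a collision in a few thousand calls); the names chosen_prefix_collision, certify and collision_survives_nonce, and the sample prefixes, are constructed for the example. The certifier's nonce plays the role an unpredictable X.509 serial number plays for a CA.

```python
import hashlib
import os

# Toy hash for illustration only: MD5 truncated to 24 bits, small enough that a
# chosen-prefix collision can be found by a birthday search in a few thousand
# hash calls. The structure of the argument is the same for the real function.
TRUNC_BYTES = 3


def toy_hash(data: bytes) -> bytes:
    """Truncated digest standing in for a hash with a practical collision attack."""
    return hashlib.md5(data).digest()[:TRUNC_BYTES]


def chosen_prefix_collision(prefix_a: bytes, prefix_b: bytes, limit: int = 1 << 20):
    """Return (doc_a, doc_b) with different, fixed-in-advance prefixes and equal toy_hash.

    Both sides are extended with counter-derived suffixes until a digest seen on
    one side shows up on the other. The two prefixes are chosen before the search
    starts, which is what makes this the chosen-prefix setting.
    """
    seen_a = {}
    seen_b = {}
    for i in range(limit):
        suffix = i.to_bytes(4, "big")
        doc_a = prefix_a + suffix
        h_a = toy_hash(doc_a)
        if h_a in seen_b:
            return doc_a, prefix_b + seen_b[h_a]
        seen_a[h_a] = suffix
        doc_b = prefix_b + suffix
        h_b = toy_hash(doc_b)
        if h_b in seen_a:
            return prefix_a + seen_a[h_b], doc_b
        seen_b[h_b] = suffix
    raise RuntimeError("no collision found within the search limit")


def certify(doc: bytes, nonce: bytes) -> bytes:
    """What the certifier hashes (and would sign): nonce || doc.

    The nonce is picked by the certifier only after the document has been
    submitted, so no precomputed collision pair can have accounted for it.
    For a CA this is the job of an unpredictable serial number.
    """
    return toy_hash(nonce + doc)


def collision_survives_nonce(doc_a: bytes, doc_b: bytes, nonce: bytes) -> bool:
    """True only if the pair still collides once the certifier's nonce is prepended."""
    return certify(doc_a, nonce) == certify(doc_b, nonce)


if __name__ == "__main__":
    # Constructed sample prefixes: two documents the submitter would like to swap.
    doc_a, doc_b = chosen_prefix_collision(b"candidate=A;", b"candidate=B;")
    print("raw digests equal:", toy_hash(doc_a) == toy_hash(doc_b))
    nonce = os.urandom(8)  # certifier-chosen, unpredictable to the submitter
    print("collision survives nonce:", collision_survives_nonce(doc_a, doc_b, nonce))
```

With an empty nonce the certifier is hashing exactly what the submitter prepared and the collision goes through; with any nonce the submitter could not predict, the two digests agree only with probability 2^-24 for the toy function (2^-128 for full-width MD5). That is the whole of the protocol-level defence: the signer injects entropy after the submitter's input is fixed, rather than trusting the hash to resist collisions.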