PlayStation 3 predicts next US president

Weger, B.M.M. de b.m.m.d.weger at
Sun Dec 2 12:10:37 EST 2007

Hi William,

> > ... We say so on
> > the website. We did show this hiding of collisions for other data 
> > formats, such as X.509 certificates
> More interesting.  Where on your web site?  I've long abhorred the
> X.509 format, and was a supporter of a more clean alternative.


> > Our real work is chosen-prefix collisions combined with 
> > multi-collisions. This is crypto, it has not been done before,
> Certainly it was done before! 

I was referring to MD5. Apart from that, I'd be interested in
seeing references to older work on chosen-prefix multicollisions.

> What *would* be crypto is the quantification of where MDx 
> currently falls on the computational spectrum.

Our first chosen-prefix collision attack has complexity of about
2^50, as described in our EuroCrypt 2007 paper. This has been 
considerably improved since then. In the full paper that is in
preparation we'll give details of those improvements.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list