[Cryptography] Oracle discovers the 1990s in crypto

Arnold Reinhold agr at me.com
Mon Jan 23 13:35:49 EST 2017


On Sun, 22 Jan 2017 19:03 Viktor Dukhovni pointed out:


>> On Jan 22, 2017, at 5:34 PM, Natanael <natanael.l at gmail.com> wrote:
>> 
>> http://www.mscs.dal.ca/~selinger/md5collision/
>> 
>> From 2006, and since then there's even been multicollision multifiletype hash collision generators with GPU acceleration and more. 
>> 
>> You can trivially generate valid files with colliding hashes.
> 
> Let's not confuse collision attacks with second pre-image attacks.
> 
> Tampering with existing signed objects requires a second pre-image
> attack.  What is the estimated complexity of the best known second
> pre-image attack on MD5?

It’s true that tampering with existing signed objects requires a second pre-image attack, but creating two versions of software with the same sig could be accomplished by an entity who has the ability to alter the final version of the legitimate object being signed, say by modifying a random nonce, bitmap or seed, or messing with white space in comments. This attack mode would only require a collision attack. The entity could be a mole working out of loyalty to a cause, for financial gain, or under duress. It might be done remotely if configuration management security is breached, or the government could order cooperation, e.g. in the U.S. by National Security Letter.

Arnold Reinhold
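The attack mode described above, worked through as an added example (not part of this thread, and not Reinhold's or anyone else's code): a signing pipeline signs the MD5 digest of a release, the release is the genuine payload preceded by an insider-controlled seed blob, and the insider substitutes one half of a published MD5 collision pair for the other. The signing key, the payload and the HMAC-over-digest stand-in for a real signature are constructed for the example; the collision blocks are the Wang-Yu pair that Selinger's page builds on.

```python
import hashlib
import hmac

# Published MD5 collision pair (Wang and Yu, 2004; the same pair Selinger's
# page builds on). Both 128-byte blobs hash to the same MD5 digest when they
# sit at the START of the message, because the pair was computed against
# MD5's standard initial state.
BLOCK_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
BLOCK_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed stand-in for the release-signing key (hypothetical).
SIGNING_KEY = b"release-signing-key-constructed"

# Constructed stand-in for the genuine program text. It is identical in both
# versions; only the insider-controlled seed blob differs.
PAYLOAD = b"<genuine program text, identical in both versions>"


def build_release(seed: bytes, payload: bytes = PAYLOAD) -> bytes:
    """Assemble the object that gets signed: seed blob first, then payload.

    MD5 is a Merkle-Damgard hash: after the two colliding blocks the internal
    state is identical, so any identical suffix leaves the digests identical.
    """
    return seed + payload


def sign(obj: bytes) -> bytes:
    """Sign the MD5 digest of obj.

    Stand-in for a real signature scheme (RSA over MD5, say): the signature
    covers the digest, not the bytes. HMAC-SHA256 over that digest is used
    only so the example runs with the standard library.
    """
    return hmac.new(SIGNING_KEY, hashlib.md5(obj).digest(), hashlib.sha256).digest()


def verify(obj: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(obj), sig)


def run(release: bytes) -> str:
    """Simulated execution of the shipped program.

    Selinger-style trick: the program text is the same in both versions but
    branches on the seed it was built with, so one seed selects the benign
    path and its colliding twin selects the malicious one.
    """
    return "benign" if release[:128] == BLOCK_A else "malicious"


def demo() -> dict:
    benign = build_release(BLOCK_A)
    evil = build_release(BLOCK_B)
    sig = sign(benign)  # the release engineer reviews and signs the benign build
    return {
        "files_differ": benign != evil,
        "md5_equal": hashlib.md5(benign).digest() == hashlib.md5(evil).digest(),
        "sig_transfers": verify(evil, sig),  # same signature validates the evil build
        "sha256_equal": hashlib.sha256(benign).digest() == hashlib.sha256(evil).digest(),
        "benign_runs": run(benign),
        "evil_runs": run(evil),
    }


def prefix_breaks_published_pair(prefix: bytes = b"\x00" * 64) -> bool:
    """The published pair only collides from MD5's initial state: put anything
    in front of it and the digests diverge. Collision generators that take a
    chosen prefix compute a fresh pair from the chaining value after it."""
    a = hashlib.md5(prefix + BLOCK_A).digest()
    b = hashlib.md5(prefix + BLOCK_B).digest()
    return a != b


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
    print("prefix breaks published pair:", prefix_breaks_published_pair())
```

Running it shows the same signature verifying both builds while the program takes different paths, and SHA-256 of the two builds differing, which is the practical fix. The one constraint in this toy is that the seed blob must be the first 128 bytes, since the published pair assumes MD5's initial state; collision generators that accept a chosen prefix compute a pair from the chaining value after that prefix, so a real insider can put the seed at any 64-byte-aligned offset in the object.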