[14316] in cryptography@c2.net mail archive
A quick question...
daemon@ATHENA.MIT.EDU (Paul Walker)
Sun Sep 28 12:17:27 2003
X-Original-To: cryptography@metzdowd.com
Date: Sat, 27 Sep 2003 23:53:08 +0100
From: Paul Walker <paul@black-sun.demon.co.uk>
To: cryptography@metzdowd.com
Hi,
Apologies in advance for the vagueness of the question...
Talking to a friend the other day, he was telling me about a potential
loophole with SHA-1 hashes protected by an RSA signature. Basically, he
seemed to think that with an SHA hash of a suitable length (say, 2^20), the
hash could be cubed and still not 'fail', since it was below the key
modulus. If you change the hash length, this problem doesn't occur.
I'm unconvinced for a number of reasons - this sounds very strange to me.
Not least because, even if cubing the hash does work (why cubing?), since
it's infeasible to create a binary which produces a given hash it still
doesn't help.
Could someone help shed some light on this? Either pointing me at a paper
documenting the hole, or confirming that it's gibberish (at which point I'll
go back to work and ask him for more details :).
Thanks,
--
Paul
The ability to quote is a serviceable substitute for wit.
-- W. Somerset Maugham
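
Added example, not part of Paul's message: one reading of the question is raw RSA with public exponent 3 applied to an unpadded SHA-1 digest. The exponent, the 1024-bit modulus size and the comparison with PKCS #1 v1.5 encoding are assumptions made here, not stated in the post. The code checks whether cubing the value being signed ever exceeds the modulus.

```python
import hashlib

E = 3  # assumption: public exponent 3, suggested by "cubed" in the question

# Constructed stand-in for a 1024-bit modulus. Only its size matters for this
# check; it is not a real RSA key.
N = (1 << 1023) | (1 << 512) | 1

# DER prefix of the SHA-1 DigestInfo structure used by PKCS #1 v1.5 signatures.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def raw_digest_int(msg: bytes) -> int:
    """The bare 160-bit SHA-1 digest read as an integer (no padding)."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big")


def pkcs1_v15_int(msg: bytes, n: int) -> int:
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 DigestInfo, modulus length."""
    k = (n.bit_length() + 7) // 8
    t = SHA1_DIGESTINFO + hashlib.sha1(msg).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def wraps_modulus(m: int, e: int, n: int) -> bool:
    """True if m**e >= n, i.e. the public operation really reduces mod n."""
    return m ** e >= n


def report(msg: bytes) -> dict:
    """Compare the unpadded and padded representatives of the same message."""
    raw, padded = raw_digest_int(msg), pkcs1_v15_int(msg, N)
    return {
        "raw_bits": raw.bit_length(),
        "raw_wraps": wraps_modulus(raw, E, N),
        "padded_bits": padded.bit_length(),
        "padded_wraps": wraps_modulus(padded, E, N),
    }


if __name__ == "__main__":
    # Constructed sample input.
    for key, value in report(b"sample binary contents").items():
        print(f"{key}: {value}")
```

A 160-bit value cubed has at most 480 bits, so it stays below a 1024-bit modulus and no modular reduction takes place; the padded encoding is nearly as long as the modulus, so its cube always wraps.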