[16012] in cryptography@c2.net mail archive


How thorough are the hash breaks, anyway?

daemon@ATHENA.MIT.EDU (Trei, Peter)
Thu Aug 26 15:50:22 2004

X-Original-To: cryptography@metzdowd.com
Date: Thu, 26 Aug 2004 11:09:49 -0400
From: "Trei, Peter" <ptrei@rsasecurity.com>
To: <cryptography@metzdowd.com>

[Disclaimer: I've never claimed to be a mathematician, nor even a
cryptographer: my business card says 'cryptoengineer'. I've always
tried more to understand how to properly use cryptographic
primitives than to understand the deep theory of their construction.
I go to people who know the theory when I have a question,
and they come to me when they need something designed and
built correctly and well.]

Looking over the recent work on hash collisions, one
thing that struck me was that they all seem to be
attacks on known plaintext - the 'plaintexts' which
collided were very close to each other, varying in
only a few bits.

While any weakness is a concern, and I'm not
going to use any of the compromised algorithms
in new systems, this type of break seems to be
of limited utility.

It allows you (if you're fortunate) to modify a signed
message and have the signature still check out.
However, if you don't know the original plaintext
it does not seem to allow you to construct a second
message with the same hash.

There are many applications where a hash may
be exposed, but the attacker does not have access
to the original plaintext. One example is password
systems, where only the hash of the pw is stored.

Thus, the breaks seem to be of utility in some
applications, but others remain (for the moment)
secure.

Am I missing something here?

Peter Trei
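
The distinction the post is asking about, as an added worked example that is not part of the original message or the 2004 papers it refers to: a collision attack lets the attacker choose both messages, while a password system or a hash published without its input forces the attacker into a preimage search, which a collision gives no help with. The code below uses a deliberately weak stand-in hash (SHA-256 truncated to 20 bits, chosen so that both attacks finish in seconds) rather than MD5 or SHA-0, so it shows only the generic cost gap (about 2^(n/2) hash evaluations to find a collision by the birthday method versus about 2^n to find a preimage of an n-bit hash) and nothing about how the actual MD5/SHA-0 collisions were constructed. The signing key, the message enumeration and the "password" are constructed for the example.

```python
import hashlib
import hmac

NBITS = 20  # toy output width; real MD5 has 128 bits, SHA-1/SHA-0 160


def toy_hash(data: bytes, nbits: int = NBITS) -> int:
    """Truncated SHA-256: a stand-in for a hash with a small output.

    Deliberately weak so the attacks below run quickly; it is NOT a model
    of the 2004 MD5/SHA-0 collision attacks, only of the generic costs.
    """
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - nbits)


def find_collision(nbits: int = NBITS):
    """Birthday attack: the attacker chooses BOTH messages.

    Returns (m1, m2, tries) with m1 != m2 and toy_hash(m1) == toy_hash(m2).
    Expected cost is roughly 2**(nbits/2) hash evaluations.
    """
    seen = {}
    tries = 0
    while True:
        tries += 1
        msg = b"attacker-msg-%d" % tries   # constructed message space
        h = toy_hash(msg, nbits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_preimage(target_hash: int, nbits: int = NBITS):
    """Brute force: the attacker knows ONLY the hash value (e.g. a stored
    password hash). Returns (msg, tries) with toy_hash(msg) == target_hash.

    Expected cost is roughly 2**nbits hash evaluations. A collision pair
    found above does not shorten this search at all.
    """
    tries = 0
    while True:
        tries += 1
        msg = b"guess-%d" % tries          # constructed guess space
        if toy_hash(msg, nbits) == target_hash:
            return msg, tries


# Toy signature over the hash, to show the signed-message substitution.
SIGNING_KEY = b"constructed-demo-key"      # constructed, not a real key


def sign(message: bytes) -> bytes:
    """Sign the hash of the message, as real signature schemes do."""
    h = toy_hash(message).to_bytes(4, "big")
    return hmac.new(SIGNING_KEY, h, hashlib.sha256).digest()


def verify(message: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(message), signature)


def demo():
    # Case 1: attacker controls both messages -> cheap birthday collision,
    # and a signature the victim made over m1 also verifies for m2.
    m1, m2, ctries = find_collision()
    sig = sign(m1)
    swapped_ok = verify(m2, sig)

    # Case 2: attacker sees only a stored password hash -> brute force.
    stored = toy_hash(b"correct horse battery staple")  # constructed pw
    guess, ptries = find_preimage(stored)

    return {
        "collision_hash_equal": toy_hash(m1) == toy_hash(m2),
        "collision_messages_differ": m1 != m2,
        "collision_tries": ctries,
        "signature_accepts_swapped_message": swapped_ok,
        "preimage_hash_equal": toy_hash(guess) == stored,
        "preimage_tries": ptries,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running demo() shows the collision turning up after on the order of a thousand hashes while the preimage search typically needs on the order of a million, and the same gap (2^64 versus 2^128 for a 128-bit hash) is why a collision-only break leaves a hash-only password store in a different position from a signature over attacker-supplied data. The caveat a practitioner should keep in mind is that the generic bound is the worst the attacker can do; a structural weakness that yields collisions does not by itself yield preimages, but it is a reason not to assume the preimage side will hold either.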


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
