[16022] in cryptography@c2.net mail archive
Re: How thorough are the hash breaks, anyway?
daemon@ATHENA.MIT.EDU (talli@netway.org)
Sat Aug 28 22:09:45 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <412E70B2.8030603@systemics.com>
From: talli@netway.org
To: cryptography@metzdowd.com
Date: Fri, 27 Aug 2004 10:59:12 +0200
Ian Grigg writes:
> Daniel Carosone wrote:
>> There is one application of hashes, however, that fits these
>> limitations very closely and has me particularly worried:
>> certificates. The public key data is public, and it's a "random"
>> bitpattern where nobody would ever notice a few different bits.
>>
>> If someone finds a collision for microsoft's windows update cert (or a
>> number of other possibilities), and the fan is well and truly buried
>> in it.
>
> Correct me if I'm wrong ... but once finding
> a hash collision on a public key, you'd also
> need to find a matching private key, right?
You are not wrong... you can try to find the right private key for your
collision too... ;)
In fact, looking for a collision to a public certificate is not as easy as
breaking a signature but breaking many of them at the same time.
Talliann
>
> iang
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo@metzdowd.com
--
I came. I saw. I clicked.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
