[16050] in cryptography@c2.net mail archive
RE: How thorough are the hash breaks, anyway?
daemon@ATHENA.MIT.EDU (Whyte, William)
Tue Aug 31 16:18:43 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Whyte, William" <WWhyte@ntru.com>
To: 'Matt Crawford' <crawdad@fnal.gov>,
Ian Grigg <iang@systemics.com>
Cc: Daniel Carosone <dan@geek.com.au>,
crypto <cryptography@metzdowd.com>
Date: Tue, 31 Aug 2004 14:46:13 -0400
To be more precise: Your odds of getting a modulus that
you can divide by something are very high. Your odds of
getting a modulus that you can factor efficiently are
very low.
William
> -----Original Message-----
> From: Matt Crawford [mailto:crawdad@fnal.gov]
> Sent: Monday, August 30, 2004 11:47 AM
> To: Ian Grigg
> Cc: Daniel Carosone; crypto
> Subject: Re: How thorough are the hash breaks, anyway?
>
>
> >> certificates. The public key data is public, and it's a "random"
> >> bitpattern where nobody would ever notice a few different bits.
> >> If someone finds a collision for microsoft's windows
> update cert (or a
> >> number of other possibilities), and the fan is well and
> truly buried
> >> in it.
> >
> > Correct me if I'm wrong ... but once finding
> > a hash collision on a public key, you'd also
> > need to find a matching private key, right?
>
> But the odds are that you'd get an easy-to-factor modulus. Would the
> casual relying party ever notice that? I think not.
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo@metzdowd.com
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
