[17465] in cryptography@c2.net mail archive
Re: Collisions for hash functions: how to exlain them to your boss
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Mon Jun 13 15:01:46 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: Stefan Lucks <lucks@th.informatik.uni-mannheim.de>
Cc: cryptography@metzdowd.com
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 13 Jun 2005 08:05:00 -0700
In-Reply-To: <Pine.LNX.4.58.0506021910450.29892@errigal.informatik.uni-mannheim.de> (Stefan
Lucks's message of "Thu, 2 Jun 2005 19:12:09 +0200 (CEST)")
Stefan Lucks <lucks@th.informatik.uni-mannheim.de> writes:
> Magnus Daum and myself have generated MD5-collisons for PostScript files:
>
> http://th.informatik.uni-mannheim.de/people/lucks/HashCollisions/
>
> This work is somewhat similar to the work from Mikle and Kaminsky, except
> that our colliding files are not executables, but real documents.
>
> We hope to demonstrate how serious hash function collisions should be
> taken -- even for people without much technical background. And to help
> you, to explain these issues
>
> - to your boss or your management,
> - to your customers,
> - to your children ...
While this is a clever idea, I'm not sure that it means what you imply
it means. The primary thing that makes your attack work is that the
victim is signing a program which he is only able to observe mediated
through his viewer. But once you're willing to do that, you've got a
problem even in the absence of collisions, because it's easy to write
a program which shows different users different content even if you
without hash collisions. You just need to be able to write
conditionals.
For more, including an example, see:
http://www.educatedguesswork.org/movabletype/archives/2005/06/md5_collisions.html
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
