[17468] in cryptography@c2.net mail archive
RE: Collisions for hash functions: how to explain them to your boss
daemon@ATHENA.MIT.EDU (Weger, B.M.M. de)
Mon Jun 13 18:45:59 2005
X-Original-To: cryptography@metzdowd.com
Date: Mon, 13 Jun 2005 21:53:04 +0200
From: "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl>
To: "EKR" <ekr@rtfm.com>
Cc: <cryptography@metzdowd.com>,
"Stefan Lucks" <lucks@th.informatik.uni-mannheim.de>
Hi Eric,
Technically speaking you're correct, they're signing a program.
But most people, certainly non-techies like Alice's boss,
view postscript (or MS Word, or <name your favourite document
format that allows macros>) files not as programs but as static
data. In being targeted at non-techies I find this attack more
convincing than those of Mikle and Kaminsky, though essentially
it's a very similar idea.
Note that opening the postscript files in an ASCII-editor
(or HEX-editor) immediately reveals the attack. Stefan Lucks
told me they might be able to obfuscate the postscript code,
but again this will only fool the superficial auditor.
Grtz,
Benne
=========================================
Technische Universiteit Eindhoven
Coding & Crypto Groep
Faculteit Wiskunde en Informatica
Den Dolech 2
Postbus 513
5600 MB Eindhoven
kamer HG 9.84
tel. (040) 247 2704, bgg 5141
e-mail: b.m.m.d.weger@tue.nl
www: http://www.win.tue.nl/~bdeweger
=========================================

> -----Original Message-----
> From: owner-cryptography@metzdowd.com
> [mailto:owner-cryptography@metzdowd.com] On Behalf Of Eric Rescorla
> Sent: maandag 13 juni 2005 17:05
> To: Stefan Lucks
> Cc: cryptography@metzdowd.com
> Subject: Re: Collisions for hash functions: how to explain them to your boss
>
> Stefan Lucks <lucks@th.informatik.uni-mannheim.de> writes:
> > Magnus Daum and myself have generated MD5-collisions for PostScript files:
> >
> > http://th.informatik.uni-mannheim.de/people/lucks/HashCollisions/
> >
> > This work is somewhat similar to the work from Mikle and Kaminsky, except
> > that our colliding files are not executables, but real documents.
> >
> > We hope to demonstrate how serious hash function collisions should be
> > taken -- even for people without much technical background. And to help
> > you, to explain these issues
> >
> > - to your boss or your management,
> > - to your customers,
> > - to your children ...
>
> While this is a clever idea, I'm not sure that it means what you imply
> it means. The primary thing that makes your attack work is that the
> victim is signing a program which he is only able to observe mediated
> through his viewer. But once you're willing to do that, you've got a
> problem even in the absence of collisions, because it's easy to write
> a program which shows different users different content even
> without hash collisions. You just need to be able to write
> conditionals.
>
> For more, including an example, see:
> http://www.educatedguesswork.org/movabletype/archives/2005/06/md5_collisions.html
>
> -Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
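
Added example (not part of the original message or of the Daum/Lucks work): a Python sketch of the check described in the reply above, reading the PostScript source instead of the rendered page and flagging executable conditionals and binary string literals. The function name `audit_postscript`, the operator watch list and both sample files are assumptions constructed for illustration.

```python
# Added example: heuristic pre-signing audit of PostScript source.
# The watch list and the "binary string" rule are assumptions of this sketch.
BRANCH_OPS = {b"if", b"ifelse", b"exec", b"cvx"}   # ways to pick what is drawn
SEPARATORS = b" \t\r\n\f\x00()<>[]{}/%"            # whitespace and delimiters

def audit_postscript(data: bytes) -> dict:
    """Report executable branching operators and string literals that hold
    non-printable bytes, skipping comments and literal /names."""
    ops, binary_strings, i, n = [], 0, 0, len(data)
    while i < n:
        ch = data[i]
        if ch == 0x25:                              # '%': comment to end of line
            while i < n and data[i] not in b"\r\n":
                i += 1
        elif ch == 0x28:                            # '(': string, parens nest
            start, depth, i = i + 1, 1, i + 1
            while i < n and depth:
                if data[i] == 0x5C:                 # backslash escapes next byte
                    i += 1
                elif data[i] == 0x28:
                    depth += 1
                elif data[i] == 0x29:
                    depth -= 1
                i += 1
            body = data[start:i - 1]
            if any(b > 0x7E or (b < 0x20 and b not in b"\t\r\n") for b in body):
                binary_strings += 1
        elif ch in SEPARATORS:
            i += 1
        else:                                       # a name or number token
            j = i
            while j < n and data[j] not in SEPARATORS:
                j += 1
            literal = i > 0 and data[i - 1] == 0x2F  # '/name' is data, not a call
            if data[i:j] in BRANCH_OPS and not literal:
                ops.append(data[i:j].decode())
            i = j
    return {"branch_ops": ops, "binary_strings": binary_strings,
            "needs_review": bool(ops or binary_strings)}

# Constructed samples (no real collision blocks): a two-branch file and a static one.
SAMPLE_SUSPECT = (b"%!PS-Adobe-3.0\n% if ifelse in a comment is ignored\n"
                  b"/Times-Roman findfont 12 scalefont setfont 72 700 moveto\n"
                  b"(\x8f\x01blob-A) (\x8f\x01blob-B) eq\n"
                  b"{ (Text one) show } { (Text two) show } ifelse\nshowpage\n")
SAMPLE_STATIC = (b"%!PS-Adobe-3.0\n/if-note (what if \\(nested\\)) def\n"
                 b"/Times-Roman findfont 12 scalefont setfont 72 700 moveto\n"
                 b"(Plain letter) show\nshowpage\n")

if __name__ == "__main__":
    for name, doc in (("suspect", SAMPLE_SUSPECT), ("static", SAMPLE_STATIC)):
        print(name, audit_postscript(doc))
```

A hit means the file is a program whose output depends on its own data and needs a human read of the source before signing; the absence of hits is not proof that the file is static.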