[17472] in cryptography@c2.net mail archive
Re: Collisions for hash functions: how to explain them to your boss
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Mon Jun 13 18:51:12 2005
X-Original-To: cryptography@metzdowd.com
To: "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl>
Cc: <cryptography@metzdowd.com>,
"Stefan Lucks" <lucks@th.informatik.uni-mannheim.de>
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 13 Jun 2005 14:09:26 -0700
In-Reply-To: <9F38CF35D80CAE409B979F3EB5242B4A02E71837@winex2.campus.tue.nl> (B.
M. M. de Weger's message of "Mon, 13 Jun 2005 21:53:04 +0200")
"Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl> writes:
>
> Technically speaking you're correct, they're signing a program.
> But most people, certainly non-techies like Alice's boss,
> view postscript (or MS Word, or <name your favourite document
> format that allows macros>) files not as programs but as static
> data. In being targeted at non-techies I find this attack more
> convincing than those of Mikle and Kaminsky, though essentially
> it's a very similar idea.
>
> Note that opening the postscript files in an ASCII-editor
> (or HEX-editor) immediately reveals the attack. Stefan Lucks
> told me they might be able to obfuscate the postscript code,
> but again this will only fool the superficial auditor.

Yes, this is all true, but it's kind of orthogonal to my point,
which is that if you're willing to execute a program, this
attack can be mounted *without* the ability to produce hash
collisions. The fact that so few people regard PS, HTML, Word,
etc. as software just makes this point that much sharper.

As far as I can tell, the ability to produce hash collisions just
makes the attack marginally worse.

-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com