Re: hash functions Re: OVC - I "really" need your help with "public disclosure" legislative suggestion

From: Karl Auerbach <karl_at_cavebear_dot_com>
Date: Mon Nov 27 2006 - 16:36:22 CST

Joseph Lorenzo Hall wrote:

> Also I was unaware that you could design collisions with MD5 or
> versions of SHA hashing. Charlie, could you point to that literature
> for me? It can't be as trivial as designing CRC collisions. best,

 From what I have read, and since I did not read deeply I might be wrong ...

If one can make arbitrary extensions then the job is a lot easier than if
one has to fit within a constant number of bytes.

Code can be extended with comments containing the necessary gibberish, and
binaries are even easier to extend with data sections containing properly
initialized, but never used, blocks.

One counter may be to use a couple of different hash algorithems - I would
suspect that it makes it harder to bugger MD5 *and* SHA1 simultaneously,
especially if the digests are published with auxiliary information, such as
file size.

Of course, even if you have valid code or binaries, buggering the abstract
environment in which they execute is just as good a way of manipulating the
outcome.

                --karl--

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Thu Nov 30 23:17:13 2006

This archive was generated by hypermail 2.1.8 : Thu Nov 30 2006 - 23:17:19 CST