Re: hash functions Re: OVC - I "really" need your help with "public disclosure" legislative suggestion

From: Charlie Strauss <cems_at_earthlink_dot_net>
Date: Mon Nov 27 2006 - 18:58:25 CST

Heres' a couple articles. The important feature is that attack
requires cooperation from the victim in the sense that there needs to
be a large mutable region the attacker can modify without changing
the length of the document. So if don't cooperate and are not
stupid, you can avoid this attack.

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
http://www.cits.rub.de/MD5Collisions/

http://www.heise-security.co.uk/news/77244

On Nov 27, 2006, at 3:05 PM, Joseph Lorenzo Hall wrote:

> On 11/27/06, Karl Auerbach <karl@cavebear.com> wrote:
>> Edmund R. Kennedy wrote:
>>
>>> Crypographic hash functions are said to be a pretty effective
>>> way to
>>> detect tampering with program code.
>>
>> There are a few quite innocent things that occur during routine
>> transfers
>> that work havoc on checksums - line ending sequences, tab
>> expansions, and
>> end-of-line whitespace pruning.
>>
>> These can be handled (generally by carrying the code around in a
>> bottle of
>> some kind - tar, zip, etc) once one is aware of the issue.
>
> Also I was unaware that you could design collisions with MD5 or
> versions of SHA hashing. Charlie, could you point to that literature
> for me? It can't be as trivial as designing CRC collisions. best,
> -Joe
>
> --
> Joseph Lorenzo Hall
> PhD Student, UC Berkeley, School of Information
> <http://josephhall.org/>
> _______________________________________________
> OVC-discuss mailing list
> OVC-discuss@listman.sonic.net
> http://lists.sonic.net/mailman/listinfo/ovc-discuss

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Thu Nov 30 23:17:13 2006

This archive was generated by hypermail 2.1.8 : Thu Nov 30 2006 - 23:17:19 CST