Re: hash functions Re: OVC - I "really" need yourhelp with "public disclosure" legislative suggestion

From: Ed Kennedy <ekennedyx_at_yahoo_dot_com>
Date: Mon Nov 27 2006 - 22:06:52 CST

Thank you folks for your erudite discussion on the weaknesses of Hash
functions. If I read you correctly, this works best for a 'message in a
bottle' approach and unfortunately does not really deal with hardware hacks
such as concealing mischief oriented code in the 'boot loader,' and such. I
was afraid of that. Still, I guess it could be part of a suite of tools and
techniques that might be applied. I'll leave it to you experts to figure
out how. Thanks for your feedback.

 --

Edmund R. Kennedy, PE
10777 Bendigo Cove
San Diego, CA 92126

-----Original Message-----
From: ovc-discuss-bounces+ekennedyx=yahoo.com@listman.sonic.net
[mailto:ovc-discuss-bounces+ekennedyx=yahoo.com@listman.sonic.net] On Behalf
Of Joseph Lorenzo Hall
Sent: Monday, November 27, 2006 5:37 PM
To: Open Voting Consortium discussion list
Subject: Re: [OVC-discuss] hash functions Re: OVC - I "really" need yourhelp
with "public disclosure" legislative suggestion

On 11/27/06, Charlie Strauss <cems@earthlink.net> wrote:
> Heres' a couple articles. The important feature is that attack
> requires cooperation from the victim in the sense that there needs to
> be a large mutable region the attacker can modify without changing
> the length of the document. So if don't cooperate and are not
> stupid, you can avoid this attack.
>
>
>
> http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
> http://www.cits.rub.de/MD5Collisions/
>
> http://www.heise-security.co.uk/news/77244

So, MD5 and SHA hash functions (that aren't keyed like in HMAC) can
have designed collisions (or will soon).

What other non-keyed hash functions out there will people move to now
that these popular ones have proven cryptanalytical weaknesses? And
does a suite of hashes... like MD5/SHA-256/Tiger/WHIRLPOOL prove to be
infeasible to collide (is there literature on suites of hashes)? -Joe

-- 
Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
<http://josephhall.org/>
_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Thu Nov 30 23:17:14 2006

This archive was generated by hypermail 2.1.8 : Thu Nov 30 2006 - 23:17:19 CST