Re: [zooko@zooko.com: [Revctrl] colliding md5 hashes of human-meaningful documents]

From: Martin Uecker <muecker@gmx.de>
Date: 2005-06-13 00:53:42
On Sun, Jun 12, 2005 at 10:25:55AM +0200, Petr Baudis wrote:
> ----- Forwarded message from zooko@zooko.com -----
> 
> There is nothing theoretically surprising about this, but hopefully its
> concreteness and the accompanying scenario will make an impression on
> people.  The same technique should work to generate two documents with
> identical SHA1 hashes.
> 
> http://www.cits.rub.de/MD5Collisions/
> 
> ----- End forwarded message -----
> 
> I expected the two postscript files differing in some huge binary blob,
> but it turns out the binary part is very small (about 256 bytes) and
> only a few (about nine) bytes are different, contrary to how people have
> predicted the collisions. This is much closer to finding a collision
> between similar pure C files, I think. Rather unsettling.
> 

This attack scenario doesn't demonstrate the danger of hash
collisions but the danger of signing documents you do not
understand. The same technique works exactly in the same way
with postscript files which are actually identical but produce
different output under different conditions (time, fonts
installed on the printer, whatever).

Never sign anything but plain text or documents which are
created in a controlled way and avoid signing documents
you did not create yourself.


Martin

-- 
One night, when little Giana from Milano was fast asleep,
she had a strange dream.



Received on Mon Jun 13 00:56:01 2005
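
The advice in the message above can be turned into a pre-signing check. The following is an added example, not part of the original message or of any project it mentions: a heuristic that refuses anything that is not plain text and, for PostScript, reports conditional and environment-dependent operators. The function name, the operator lists and the sample documents are assumptions constructed for illustration.

```python
import re

# Heuristic operator lists chosen for this example; not exhaustive.
BRANCH_OPS = {b"if", b"ifelse"}                      # conditional execution
ENV_OPS = {b"realtime", b"usertime", b"findfont",    # time, installed fonts
           b"resourcestatus"}
TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def presign_findings(data: bytes) -> list[str]:
    """List reasons a document is not plain text that can be reviewed by reading it."""
    findings = []
    if any(b not in TEXT_BYTES for b in data):
        findings.append("binary")
    if data.lstrip().startswith(b"%!"):
        findings.append("program")                       # executed, not displayed
        code = re.sub(rb"%[^\r\n]*", b"", data)          # strip comments
        tokens = set(re.findall(rb"[A-Za-z]+", code))    # crude tokenizer
        findings += sorted("branch:" + t.decode() for t in tokens & BRANCH_OPS)
        findings += sorted("env:" + t.decode() for t in tokens & ENV_OPS)
    return findings


# Constructed samples (not taken from the message or the linked site).
PLAIN = b"I agree to the terms discussed on 2005-06-12.\n"
TIME_DEPENDENT = (
    b"%!PS\n"
    b"/Times-Roman findfont 12 scalefont setfont 72 700 moveto\n"
    b"realtime 1000 mod 500 lt { (text A) show } { (text B) show } ifelse\n"
    b"showpage\n"
)
WITH_BLOB = b"%!PS\n(\x8f\x01\xfe\x00) pop showpage\n"

if __name__ == "__main__":
    for name, doc in [("plain", PLAIN), ("time", TIME_DEPENDENT), ("blob", WITH_BLOB)]:
        found = presign_findings(doc)
        print(f"{name:6} {'REFUSE' if found else 'ok':7} {found}")
```

The tokenizer also matches words inside PostScript strings, so the check errs toward refusing; an empty result means only that the input is printable text with no PostScript header.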
