[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnumed-devel] GNotary
From: |
Tim Churches |
Subject: |
Re: [Gnumed-devel] GNotary |
Date: |
Wed, 31 Aug 2005 05:35:44 +1000 |
User-agent: |
Mozilla Thunderbird 1.0 (Windows/20041206) |
Karsten Hilbert wrote:
> On Tue, Aug 30, 2005 at 08:23:30AM +0800, Syan Tan wrote:
>
>
>>Hashing the logs and publishing it in a paper seems to be a good idea.
>
> ... suggested by none other than Bruce Schneier, certainly
> someone with a clue.
>
>
>>At a
>>document level, if the document was a program and
>>the program was obfuscatable, and the hash was md5 , then you could do the
>>2-documents-in-1-with-switching-on-the-identically-hashing-appended-block
>>attack.
>
> I cannot follow that. If you are referring to collisions in
> a hash - yes, that's a risk. So you better use strong (for
> now) hashes and several hashes of different kinds at the
> same time. Again, as suggested by Bruce Schneier.
Syan is referring tot he Daum and Lucks attack described here -
basically it uses a has collision to cause a Postscipt programme to
switch between printing two different documents, both of which are
embedded in teh Postscipt file. Clever but trivial to detect:
http://www.cits.rub.de/MD5Collisions/
Tim C