gnumed-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnumed-devel] GNotary


From: Tim Churches
Subject: Re: [Gnumed-devel] GNotary
Date: Wed, 31 Aug 2005 05:35:44 +1000
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)

Karsten Hilbert wrote:
> On Tue, Aug 30, 2005 at 08:23:30AM +0800, Syan Tan wrote:
> 
> 
>>Hashing the logs and publishing it in a paper seems to be a good idea.
> 
> ... suggested by none other than Bruce Schneier, certainly
> someone with a clue.
> 
> 
>>At a
>>document level, if the document was a program and
>>the program was obfuscatable, and the hash was md5 , then you could do the
>>2-documents-in-1-with-switching-on-the-identically-hashing-appended-block
>>attack.
> 
> I cannot follow that. If you are referring to collisions in
> a hash - yes, that's a risk. So you better use strong (for
> now) hashes and several hashes of different kinds at the
> same time. Again, as suggested by Bruce Schneier.

Syan is referring tot he Daum and Lucks attack described here -
basically it uses a has collision to cause a Postscipt programme to
switch between printing two different documents, both of which are
embedded in teh Postscipt file. Clever but trivial to detect:
http://www.cits.rub.de/MD5Collisions/

Tim C




reply via email to

[Prev in Thread] Current Thread [Next in Thread]