Re: SHA-1 broken

• Previous message: Chris Wysopal: "Re: Windows Firewall Has A Backdoor"
• In reply to: Tollef Fog Heen: "Re: SHA-1 broken"
• Next in thread: Steve Friedl: "Re: SHA-1 broken"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 20 Feb 2005 10:45:04 +0100
To: "bugtraq-securityfocus.com" <bugtraq@securityfocus.com>

Tollef Fog Heen wrote:

> | we might think of changing the requirement of collision resistance
> | to "collision resistance in input data that is valid ASCII text". The
> | attacks on MD5 used the weak avalanche of the highest-order bit
> | in 32-bit words for producing the collision, basically precluding the
> | possibility of generating colliding ASCII text.
>
> That's not really useful is you want to sign something in non-English
> languages. Valid UTF8 might be a decent requirement, though.

What about Word documents? PDF files? Executable code? Depending on the
context the meaning of "valid" will differ greatly. So you would have to
supply a validation engine together with the signed data.

I do not know enough about the characteristics of the MD5 attack to
judge if using Base64-encoding beforehand would strongly mitigate it,
however, an abstraction layer of encoding in a well-known format would
make validation of the encoded stream easier. The big question is if
there is a gain at all when using this validation - we still do not
validate the original data, just the abstraction layer.

Denis Jedig
syneticon GbR

• Previous message: Chris Wysopal: "Re: Windows Firewall Has A Backdoor"
• In reply to: Tollef Fog Heen: "Re: SHA-1 broken"
• Next in thread: Steve Friedl: "Re: SHA-1 broken"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]