Re: SHA-1 broken

From: Denis Jedig (
Date: 02/20/05

  • Next message: Ruud H.G. van Tol: "Re: Joint encryption?"
    Date: Sun, 20 Feb 2005 10:45:04 +0100
    To: "" <>

    Tollef Fog Heen wrote:

    > | we might think of changing the requirement of collision resistance
    > | to "collision resistance in input data that is valid ASCII text". The
    > | attacks on MD5 used the weak avalanche of the highest-order bit
    > | in 32-bit words for producing the collision, basically precluding the
    > | possibility of generating colliding ASCII text.
    > That's not really useful if you want to sign something in non-English
    > languages. Valid UTF8 might be a decent requirement, though.

    What about Word documents? PDF files? Executable code? Depending on the
    context the meaning of "valid" will differ greatly. So you would have to
    supply a validation engine together with the signed data.

    I do not know enough about the characteristics of the MD5 attack to
    judge if using Base64-encoding beforehand would strongly mitigate it,
    however, an abstraction layer of encoding in a well-known format would
    make validation of the encoded stream easier. The big question is if
    there is a gain at all when using this validation - we still do not
    validate the original data, just the abstraction layer.

    Denis Jedig
    syneticon GbR
