Re: Hash functions and streaming
From: Walter Roberson (roberson_at_ibd.nrc-cnrc.gc.ca)
Date: Mon, 24 Oct 2005 20:47:09 +0000 (UTC)
In article <email@example.com>,
frank <firstname.lastname@example.org> wrote:
:I have just heard (although apparently it's old news) that the SHA-1
:has been fundamentally broken. It doesn't take 2**80 hashes for a
:collision to occur, but only 2**69 hashes.
:I don't really understand what problem is caused by someone finding a
:So, my questions are:
:1. Does this mean that they have reversed the hash back to plaintext?
:2. Or have they found some plaintext that hashes to the same value as
:some other plaintext? And if so, why is this considered dangerous?
This is dangerous because the new plaintext might say "This is an
billed media stream; automatically pay $25,000 into the following
:4. If the SHA-1 message digest was not encrypted, what is the worst
:that someone could do if they could create a collision?
See above. Or worse.
:5. If the stream is very long and the compromised block is just 60
:seconds or less of that stream, could a hash collision of that one
:block provide a vulnerability for the rest of the stream? Even though
:each block will have a completely different hash?
Yes. Typically in streaming media, blocks identify themselves as
to their type. The injected block doesn't have to identify itself
as pure media data: it could identify itself as some other
block type that the player happens to have a buffer overflow
-- I am spammed, therefore I am.