Re: Crack in Computer Security Code Raises Red Flag
From: Pubkeybreaker (Robert_silverman_at_raytheon.com)
Date: 03/16/05
- Next message: Henrick Hellström: "Re: What is next in line"
- Previous message: Trevor L. Jackson, III: "Re: [Lit.] Buffer overruns"
- In reply to: Paul Rubin: "Re: Crack in Computer Security Code Raises Red Flag"
- Next in thread: tomstdenis_at_gmail.com: "Re: Crack in Computer Security Code Raises Red Flag"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 16 Mar 2005 06:09:21 -0800
The "attack" , while at the current edge of feasible computing really
is not
meaningful, even when it is carried out. Even if improved to 2^50 or
so it
would not be meaningful.
Why?
Because the attack does not construct messages that are either
meaningful,
or are related in any way. i.e. if I want to sign a letter, one
would presuppose that
the letter would consist of English text. A random string of bits will
not be English text.
Of course, if you are signing random data, then the attack is
meaningful.
Suppose I wanted to send a letter to my stockbroker saying "Buy".
The stock takes a nose dive and I want to repudiate my letter. How do
I then
find two messages M1 and M2 such that both are meaningful text, M1
contains
"Buy" and M2 contains "Sell"? The current attack does not allow
this.
It is not a pre-image attack. And even if it were a pre-image attack,
I can't
imagine that I could find M2 such that Hash(M2) = Hash("Buy") AND
M2 contains a meaningful message saying "Sell". M2 is going to be a
random
(or nearly so) string of bits.
- Next message: Henrick Hellström: "Re: What is next in line"
- Previous message: Trevor L. Jackson, III: "Re: [Lit.] Buffer overruns"
- In reply to: Paul Rubin: "Re: Crack in Computer Security Code Raises Red Flag"
- Next in thread: tomstdenis_at_gmail.com: "Re: Crack in Computer Security Code Raises Red Flag"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
