collision vs. preimage attacks: policy for signing data created by others
Hauke Laging
mailinglisten at hauke-laging.de
Wed Oct 3 07:07:32 CEST 2012
Am Mo 24.09.2012, 19:06:17 schrieb Hauke Laging:
Oh no – I am responding to my own email...
> Given the much bigger difficulty of preimage attacks, would a rule make
> sense not to sign a document that someone else has created (and thus been
> given the opportunity for a collision attack)? The solution would be to
> change the file in a way that does not affect the meaning (e.g. an
> additional space somewhere) and can easily be detected to match this
> condition.
But I happened to find and answer to my question. In a seven and a half years
old article about a collision attack against SHA-1. It's in German, though:
http://www.heise.de/security/artikel/Keine-Panik-271334.html
("Grundsätzlich ist es eine gute Idee, vor dem digitalen Signieren eines
Dokuments immer noch selbst eine kosmetische Änderung vorzunehmen.")
It says: It does in general make sense to make a small change (that does not
change the meaning) to a file before signing.
I have another question about hashes:
Given two different files that have the same hash value. If some data is
appended (or prepended) to both files do the resulting files still have the
same hash value?
Hauke
--
☺
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20121003/2426d255/attachment.pgp>
More information about the Gnupg-users
mailing list