collision vs. preimage attacks: policy for signing data created by others

Hauke Laging mailinglisten at hauke-laging.de
Wed Oct 3 07:07:32 CEST 2012


Am Mo 24.09.2012, 19:06:17 schrieb Hauke Laging:

Oh no – I am responding to my own email...

> Given the much bigger difficulty of preimage attacks, would a rule make
> sense not to sign a document that someone else has created (and thus been
> given the opportunity for a collision attack)? The solution would be to
> change the file in a way that does not affect the meaning (e.g. an
> additional space somewhere) and can easily be detected to match this
> condition.

But I happened to find and answer to my question. In a seven and a half years 
old article about a collision attack against SHA-1. It's in German, though:

http://www.heise.de/security/artikel/Keine-Panik-271334.html

("Grundsätzlich ist es eine gute Idee, vor dem digitalen Signieren eines 
Dokuments immer noch selbst eine kosmetische Änderung vorzunehmen.")

It says: It does in general make sense to make a small change (that does not 
change the meaning) to a file before signing.


I have another question about hashes:
Given two different files that have the same hash value. If some data is 
appended (or prepended) to both files do the resulting files still have the 
same hash value?


Hauke
-- 
☺
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20121003/2426d255/attachment.pgp>


More information about the Gnupg-users mailing list