collision vs. preimage attacks: policy for signing data created by others

Hubert Kario hka at
Thu Oct 4 22:09:27 CEST 2012

On Thursday 04 of October 2012 10:51:57 spam man wrote:
> So the question is...
> 1.) I have two different messages that have the same hash value (a
> collision).
>            hash("foo") = abcdefg
>            hash("bar") = abcdefg
> 2.) Now you want to append identical new data to the messages and see if
> the new hashes would still be collisions?
>           hash("foo and here are some more words") = tuvwxyz
>           hash("bar and here are some more words") = tuvwxyz
> Is this your question?

won't the answer to that depend on the hash in question?

The hash output depends on internal state of the hash function.

If the output depends on all bits of internal state then yes, appending new 
data should give the same output.

If the output depends only on some bits of internal state (we have 512 bits 
of internal state and the output is only 256bit) then appending new data may 
or may not give the same output. If the collision was found randomly I'd say 
the latter has more chance of happening.

Or am I missing something?

Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24

More information about the Gnupg-users mailing list