MD5 and SHA cracked/broken...

Tim Churches tchur at optushome.com.au
Mon Sep 13 05:03:47 EDT 2004


On Mon, 2004-09-13 at 13:16, Sam Holden wrote:
> On 12 Sep 2004 20:11:11 -0700, Paul Rubin <> wrote:
> > Sam Holden <sholden at flexal.cs.usyd.edu.au> writes:
> >> Creating a collision between a "useful" file which people can
> >> examine and use and a "trojan" file which does "bad things" is
> >> significantly more difficult than creating two files whose
> >> MD5 sums collide but whose contents are essentially "random".
> >
> > Of course it's not.  Just have a block of random-looking data
> > somewhere in the file, like in a bitmap image or something.  Who's
> > going to notice, if the bitmap doesn't actually get displayed?
> 
> Creating a collision of files containing some desired data plus a block
> of "random" data is different than creating collisions of files that
> contain purely "random" data. 

Yes, that's the difference between 2nd preimage resistance and collision
resistance. I am told by cryptographers that the recently reported
attacks against SHA only relate to its collision resistance, not its 2nd
preimage resistance.

-- 

Tim C

PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere
or at http://members.optushome.com.au/tchur/pubkey.asc
Key fingerprint = 8C22 BF76 33BA B3B5 1D5B  EB37 7891 46A9 EAF9 93D0
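
The distinction named in the reply above, as an added example that is not part of the original message: SHA-256 truncated to 16 bits (a toy size assumed here) is searched both ways. A collision, where both inputs are free, turns up after roughly 2^8 hashes, while a second preimage of one fixed message takes on the order of 2^16. The names `toy_hash`, `find_collision` and `find_second_preimage` are made up for this illustration.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption), small enough to search exhaustively


def toy_hash(data: bytes, bits: int = BITS) -> int:
    """SHA-256 truncated to its top `bits` bits: a deliberately weak stand-in."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(prefix: bytes, bits: int = BITS):
    """Both messages are free: any two inputs with equal digests will do."""
    seen = {}  # digest -> first message that produced it
    for tries in count(1):
        msg = prefix + str(tries).encode()
        digest = toy_hash(msg, bits)
        if digest in seen:
            return seen[digest], msg, tries
        seen[digest] = msg


def find_second_preimage(target: bytes, prefix: bytes, bits: int = BITS):
    """One message is fixed in advance: the search must hit its exact digest."""
    wanted = toy_hash(target, bits)
    for tries in count(1):
        msg = prefix + str(tries).encode()
        if msg != target and toy_hash(msg, bits) == wanted:
            return msg, tries


if __name__ == "__main__":
    a, b, n_coll = find_collision(b"blob-")
    published = b"the file people already examined"  # constructed sample input
    other, n_pre = find_second_preimage(published, b"blob-")
    print(f"collision after {n_coll} hashes (birthday bound ~2^{BITS // 2})")
    print(f"second preimage after {n_pre} hashes (expected ~2^{BITS})")
```

The gap between the two counts widens exponentially with digest size, which is why a break of collision resistance does not by itself imply a break of 2nd preimage resistance.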






More information about the Python-list mailing list