Ivaylo,
I can see why you have that comment. I have modified the document to read
The standard "Collision Attack" is one where an attacker can find two
different messages that have the same hash value.
If a collision attack exists which is insufficiently difficult, then
the function SHOULD NOT be used for a cryptographic purpose.
I briefly thought about talking about what difficult means, but I don’t know of
a really good way to do that.
Jim
From: ivaylo petrov <[email protected]>
Sent: Monday, July 15, 2019 12:44 AM
To: Jim Schaad <[email protected]>
Subject: Comments on the draft-ietf-cose-hash-algs
Hi, Jim,
The new version of the draft seems rather good to me. I have a comment about a
statement in section 2.
> The standard "Collision Attack" is one where an attacker can find two
> different messages that
> have the same hash value. If a collision attack exists, then the function
> SHOULD NOT be used for a cryptographic purpose.
I might be misinterpreting the therm cryptographic purposes, but it seems to me
that this phrasing is not precise enough as every hash function can be
brute-forced to find two different inputs that yield the same output value. The
real issue is when this is not as difficult as expected.
Cheers,
Ivaylo
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
