On Thu, 26 Aug 2004, Trei, Peter wrote:

> While any weakness is a concern, and I'm not
> going to use any of the compromised algorithms
> in new systems, this type of break seems to be
> of limited utility.
>
> It allows you (if you're fortunate) to modify a signed
> message and have the signature still check out.
> However, if you don't know the original plaintext
> it does not seem to allow you to construct a second
> message with the same hash.
The Wikipedia article on hashes is pretty good on this topic:

http://en.wikipedia.org/wiki/Cryptographic_hash_function

So far, we know that the affected hashes are not collision resistant. They may still be at least somewhat one way and second preimage resistant, in which case systems which only require those properties might still be safe. But any system which specifies a secure hash in the general sense would have to come under very close scrutiny to see if it makes any assumptions at all about collision resistance.

-J

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
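The distinction the thread turns on (a collision attack lets the attacker find two messages of its own making with the same hash, while a second-preimage attack must match a message it did not choose) is easy to see on a hash small enough to search by hand. The following is an added illustration and not part of the mailing-list exchange: it uses SHA-256 truncated to 16 bits as a constructed stand-in for a weak hash, so both searches are plain brute force rather than the analytic breaks discussed in 2004. The function names and the sample message are the example's own.

```python
"""Collision search vs. second-preimage search on a deliberately tiny hash.

Toy demonstration only: SHA-256 truncated to 16 bits stands in for a weak
hash (constructed example; the 2004 results were analytic, not brute force).
"""
import hashlib

TRUNC_BITS = 16  # small enough that both searches finish in well under a second


def tiny_hash(msg: bytes) -> int:
    """SHA-256 truncated to its top TRUNC_BITS bits. A toy, never use for real."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - TRUNC_BITS)


def find_collision(max_tries: int = 1 << 20):
    """Collision attack (birthday search): find ANY two distinct messages with
    the same tiny_hash. Neither message is chosen in advance; this is all that
    'not collision resistant' gives. Expected cost ~2**(TRUNC_BITS/2) hashes.
    Returns (m1, m2, tries) or None."""
    seen = {}
    for i in range(max_tries):
        m = b"candidate-%d" % i
        h = tiny_hash(m)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
    return None


def find_second_preimage(target: bytes, max_tries: int = 1 << 22):
    """Second-preimage attack: GIVEN a fixed target message, find a different
    message with the same tiny_hash. Absent a structural weakness this is
    brute force, ~2**TRUNC_BITS hashes on average: the collision result above
    does not shortcut it. Returns (m, tries) or None."""
    th = tiny_hash(target)
    for i in range(max_tries):
        m = b"alternative-%d" % i
        if m != target and tiny_hash(m) == th:
            return m, i + 1
    return None


if __name__ == "__main__":
    target = b"Pay 100 to Alice"  # constructed sample message
    m1, m2, ctries = find_collision()
    print(f"collision after {ctries} tries: {m1!r} / {m2!r} "
          f"-> {tiny_hash(m1):#06x}")
    m, ptries = find_second_preimage(target)
    print(f"second preimage of {target!r} after {ptries} tries: {m!r}")
```

Running it shows the collision pair turning up after a few hundred hashes while the second preimage of a fixed message needs on the order of sixty thousand, which is the gap J's message relies on: a protocol that only ever hashes a message fixed by an honest party before the attacker acts depends on second-preimage resistance, whereas one that lets the attacker submit the message to be signed depends on collision resistance.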