Hello,
No, sorry, I can't understand the logic here. I think I understand the maths behind message digests pretty well, and to that point I don't see how the recent results diminish the current crypto grade hash functions in the least.
The researchers have brought about an obscure plain text and provided another text that produces the same hash values.
But in reality, what people (i.e. attackers) want is something like this:
Attack at 1pm to become Attack at 3pm
with common hash values and not something like this:
AtTaZk @ Epn
Even if it did pass the crypto test, i.e. the message digest, the literal acceptance by a person would not pass. Now let's assume the case of binary data. Most data nowadays is compressed then encrypted. Finding a text which will also be uncompressible-per-compression-algorithm and also pass the message digest for another particular text: heck, you'd have better luck finding snow in the middle of hell. Also, nowadays some people tend to use multiple digests of data, sort of like peeling the onion. In this case, including the compression-related difficulties etc., it all becomes very, very near impossible. Possible but highly improbable.
To date, attacks on crypto (not the software but the algorithms) have been centered around people implementing the algorithms incorrectly, i.e. weak primes etc. In situations where everything is done by the book, only software implementations of the algorithms and also users of the system remain as the weak links in the chain known as a crypto system.
In a final word, I would like to say thank you to the people that did this research; the results were needed in order to prove a theory. However, everything should be taken into context.
Arash Partow
__________________________________________________
Be one who knows what they don't know,
Instead of being one who knows not what they don't know,
Thinking they know everything about all things.
http://www.partow.net

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
