Stefan Lucks <[EMAIL PROTECTED]> writes:
> Magnus Daum and myself have generated MD5-collisons for PostScript files:
> This work is somewhat similar to the work from Mikle and Kaminsky, except 
> that our colliding files are not executables, but real documents. 
> We hope to demonstrate how serious hash function collisions should be 
> taken -- even for people without much technical background. And to help 
> you, to explain these issues 
>   - to your boss or your management,
>   - to your customers,
>   - to your children ...

While this is a clever idea, I'm not sure that it means what you imply
it means. The primary thing that makes your attack work is that the
victim is signing a program which he is only able to observe mediated
through his viewer. But once you're willing to do that, you've got a
problem even in the absence of collisions, because it's easy to write
a program which shows different users different content even if you
without hash collisions. You just need to be able to write

For more, including an example, see:


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to