Weger, B.M.M. de wrote:
> The parlor trick demonstrates a weakness of the pdf format, not MD5.
> I disagree. We could just as easily have put the collision blocks
> in visible images.
Parlor trick.
> ... We could just as easily have used MS Word
> documents, or any document format in which there is some way
> of putting a few random blocks somewhere nicely.
Parlor trick.
> ... We say so on
> the website. We did show this hiding of collisions for other data
> formats, such as X.509 certificates
More interesting. Where on your web site? I've long abhorred the
X.509 format, and was a supporter of a more clean alternative.
> ... and for Win32 executables.
Parlor trick.
So far, all the things you mention require the certifier to be suborned.
> Our real work is chosen-prefix collisions combined with
> multi-collisions. This is crypto, it has not been done before,
Certainly it was done before! We talked about it more than a decade ago.
We knew that what was "computationally infeasible" would become feasible.
Every protocol I've designed or formally reviewed is protected against the
chosen prefix attack. (To qualify, where I had final say. I've reviewed
badly designed protocols, such as IKE/ISAKMP. And I've been overruled by
committee from time to time....)
What *would* be crypto is the quantification of where MDx currently falls
on the computational spectrum.
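Added example, not from the thread or either of its authors: a toy model of the chosen-prefix collision under discussion, and of the protocol-side protection against it (the signer mixes in randomness it chooses after seeing the message, so nothing the attacker precomputed survives). It assumes MD5 truncated to 32 bits (`toy_hash`) as a stand-in for a weak hash so that a birthday search finishes in seconds; all names and values are constructed.

```python
import hashlib

HASH_BITS = 32  # assumption: truncated so the birthday search runs in seconds


def toy_hash(data: bytes) -> bytes:
    """MD5 truncated to HASH_BITS bits. Stand-in for a hash with cheap
    collisions; on full MD5 the attacker does the same step, just with more work."""
    return hashlib.md5(data).digest()[: HASH_BITS // 8]


def chosen_prefix_collision(prefix_a: bytes, prefix_b: bytes, max_tries: int = 1 << 19):
    """Attacker's offline step: find suffixes sa, sb such that
    toy_hash(prefix_a + sa) == toy_hash(prefix_b + sb) for two prefixes the
    attacker chose (two different documents). Birthday search across two sets."""
    seen_a: dict[bytes, bytes] = {}
    seen_b: dict[bytes, bytes] = {}
    for i in range(max_tries):
        suffix = i.to_bytes(4, "big")
        ha = toy_hash(prefix_a + suffix)
        hb = toy_hash(prefix_b + suffix)
        if ha == hb:
            return suffix, suffix
        if ha in seen_b:            # prefix_a + suffix hits an earlier prefix_b candidate
            return suffix, seen_b[ha]
        if hb in seen_a:            # prefix_b + suffix hits an earlier prefix_a candidate
            return seen_a[hb], suffix
        seen_a[ha] = suffix
        seen_b[hb] = suffix
    return None


def signed_digest(signer_nonce: bytes, message: bytes) -> bytes:
    """Protocol-side mitigation: the signer hashes nonce || message, with a nonce
    the attacker could not know when the colliding pair was built. The nonce
    must travel with the signature so the verifier recomputes the same digest."""
    return toy_hash(signer_nonce + message)


def demo(signer_nonce: bytes = bytes.fromhex("0123456789abcdef")) -> tuple[bool, bool]:
    """Returns (collides_without_nonce, collides_with_nonce)."""
    doc_a, doc_b = b"I owe you $10 ", b"I owe you $10000 "   # constructed prefixes
    found = chosen_prefix_collision(doc_a, doc_b)
    if found is None:
        raise RuntimeError("no collision within budget")
    sa, sb = found
    plain = toy_hash(doc_a + sa) == toy_hash(doc_b + sb)
    randomized = signed_digest(signer_nonce, doc_a + sa) == signed_digest(signer_nonce, doc_b + sb)
    return plain, randomized


if __name__ == "__main__":
    print(demo())  # expected (True, False): the precomputed pair no longer collides
```

Note the order matters: the nonce has to be chosen after the attacker has committed to the message, which is why an attacker-supplied or predictable salt gives no protection.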
---------------------------------------------------------------------
The Cryptography Mailing List