Hi William, > > ... We say so on > > the website. We did show this hiding of collisions for other data > > formats, such as X.509 certificates > > More interesting. Where on your web site? I've long abhorred the > X.509 format, and was a supporter of a more clean alternative.
See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/ > > Our real work is chosen-prefix collisions combined with > > multi-collisions. This is crypto, it has not been done before, > > Certainly it was done before! I was referring to MD5. Apart from that, I'd be interested in seeing references to older work on chosen-prefix multicollisions. > What *would* be crypto is the quantification of where MDx > currently falls on the computational spectrum. Our first chosen-prefix collision attack has complexity of about 2^50, as described in our EuroCrypt 2007 paper. This has been considerably improved since then. In the full paper that is in preparation we'll give details of those improvements. Grtz, Benne --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
