-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 freenetwork at web.de wrote: > Hash function SHA-1 in distress
As worrying as this is, I don't think it affects Freenet yet. The attack undermines the collision-resistance of the hash function, but as far as I know Freenet only makes use of second-preimage-resistance. Collision-resistance means it's hard to find two messages x and y such that h(x) == h(y), whereas second-preimage-resistance means that given a message x or a hash h(x), it's hard to find a second message y such that h(x) == h(y). The difference is that in the first case the attacker can manipulate both messages until the hashes match, which is how this attack seems to work, whereas in the second case the attacker can only manipulate one of the messages. If collision-resistance is broken, an attacker can: * Generate two different CHK blocks with the same key * Generate two different SSK keypairs with the same hash * Generate two different KSK names with the same keypair As far as I can tell, none of these attacks would allow the attacker to delete or modify existing data... can anyone think of any others? Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE8YbDyua14OQlJ3sRAjgYAKCsBVHtRyMRtlUnIw3w+Xgp1Ke0VwCgrE66 3iNSTHEEiG8SbpB7Mmw1i9k= =xuRd -----END PGP SIGNATURE-----
