Karsten Hilbert wrote: > On Tue, Aug 30, 2005 at 08:23:30AM +0800, Syan Tan wrote: > > >>Hashing the logs and publishing it in a paper seems to be a good idea. > > ... suggested by none other than Bruce Schneier, certainly > someone with a clue. > > >>At a >>document level, if the document was a program and >>the program was obfuscatable, and the hash was md5 , then you could do the >>2-documents-in-1-with-switching-on-the-identically-hashing-appended-block >>attack. > > I cannot follow that. If you are referring to collisions in > a hash - yes, that's a risk. So you better use strong (for > now) hashes and several hashes of different kinds at the > same time. Again, as suggested by Bruce Schneier.
Syan is referring tot he Daum and Lucks attack described here - basically it uses a has collision to cause a Postscipt programme to switch between printing two different documents, both of which are embedded in teh Postscipt file. Clever but trivial to detect: http://www.cits.rub.de/MD5Collisions/ Tim C _______________________________________________ Gnumed-devel mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnumed-devel
