On Wed, 11 Dec 2024 14:26:54 +0000 Andrew Gallagher via Gnupg-devel <gnupg-devel@gnupg.org> wrote:
> On 11 Dec 2024, at 11:33, Frank Guthausen <fg.gn...@shimps.de> wrote:
> >
> > Are there any good solutions to the problem (workflow, best
> > practice) besides hoping the hash algorithm will prevent such an
> > attack in reasonable time?
>
> Avoiding hash collisions is the entire point of a hash algorithm. An
> external salt doesn’t make it more difficult for an attacker to find
> a hash collision, but it prevents an attacker from finding a *useful*
> collision in advance.

I understand this aspect of the problem. But assuming the document is
a contract signed by Alice and Bob, how is the problem solved in a
bidirectional manner? This extended problem remains open, because
adding a nonce leads to an infinite regress.

The problem is the double control of good and evil document, which
makes it easier to generate hash collisions. This advantage for Alice
moves to Bob when using a nonce from Bob. Usage of external salts
would increase difficulty since the free choice is restricted to evil
document. My understanding is that external salt is a better choice
than nonce inside of the document. But I am not sure whether I am
missing something in the chain of arguments.

--
kind regards
Frank
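The point quoted above, that an external salt stops a collision prepared in advance from being useful, shown as an added example (not code from this thread or from GnuPG). It assumes a toy hash, SHA-256 truncated to 32 bits, so the search finishes in about a second; `digest`, `find_pair`, the two texts and the fixed salt are all constructed for illustration.

```python
import hashlib
from itertools import count

TRUNC = 4  # bytes kept: constructed 32-bit toy hash so the search is fast

def digest(doc: bytes, salt: bytes = b"") -> bytes:
    """Toy signature hash: SHA-256 over salt || document, truncated."""
    return hashlib.sha256(salt + doc).digest()[:TRUNC]

def find_pair(good: bytes, evil: bytes) -> tuple[bytes, bytes]:
    """One party controls both texts and varies trailing padding on each
    until an unsalted digest of a 'good' variant meets an 'evil' one."""
    seen_good, seen_evil = {}, {}
    for i in count():
        pad = b"\n" + str(i).encode()
        g, e = good + pad, evil + pad
        hg, he = digest(g), digest(e)
        seen_good[hg], seen_evil[he] = g, e
        if hg in seen_evil:
            return g, seen_evil[hg]
        if he in seen_good:
            return seen_good[he], e

# Constructed sample inputs.
GOOD = b"Alice pays Bob 100 EUR."
EVIL = b"Alice pays Bob 100000 EUR."
# Fixed here for reproducibility; a real signer draws it at random
# at signing time, after the document has been handed over.
SALT = bytes.fromhex("8f1c2a7be4d05936a1b2c3d4e5f60718")

if __name__ == "__main__":
    g, e = find_pair(GOOD, EVIL)
    print("unsalted:", digest(g).hex(), digest(e).hex())
    print("salted:  ", digest(g, SALT).hex(), digest(e, SALT).hex())
```

The unsalted digests match, so a signature over the first text would also verify for the second; once the signer's salt is hashed in front of the document, the prepared pair no longer collides.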