> I read that to say "attacker can find two messages, A and B, that have
> the same hash". Now, the questions:
> 1. Do A and B have to follow some mathematical rule? I.e. - is it
> possible to say "This particular A cannot be the result of this attack"?

Currently yes, but soon not. It's only a technical matter to be solved.

> 2. Does the attack still apply if one of them is chosen in advance? I.e.
> - is it possible for you to compute an identical hash to one that
> matches a message I already wrote?

Currently no. In the near future my guess would be yes.

> If you try to recall the old days when you were a mere BA student and
> learned Crypto, one of the homework exercises of the course was along
> the following line:
> 1. Read the specs for SHA1
> 2. Show that any two messages that have the following structure have the
> same SHA1 hash.
> (You gotta love studying with Eli Biham :-)

I don't recall such an exercise. I recall an exercise where we were
requested to forge DSA signatures.

> That attack, in and of itself, was not sufficient to say that SHA1 is
> broken, because the chance your original message follows that format is
> not high. Is this attack of a different nature?

Yes. There are REAL collisions.

> Shachar

-- 
Orr Dunkelman, [EMAIL PROTECTED]
"Any human thing supposed to be complete, must for that reason infallibly
be faulty" -- Herman Melville, Moby Dick.
Spammers: http://vipe.technion.ac.il/~orrd/spam.html
GPG fingerprint: C2D5 C6D6 9A24 9A95 C5B3 2023 6CAB 4A7C B73F D0AA
(This key will never sign Emails, only other PGP keys.)

--------------------------------------------------------------------------
Haifa Linux Club Mailing List (http://www.haifux.org)
To unsub send an empty message to [EMAIL PROTECTED]
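The distinction the reply draws between the two questions (finding any two colliding messages versus matching a message fixed in advance), as an added example that is not part of the original thread. It truncates SHA-1 to 32 bits so both searches finish in seconds (an assumption standing in for the real cost gap), and contrasts the birthday-bounded collision search with the exhaustive second-preimage search.

```python
"""Collision vs. second preimage on a truncated SHA-1 (added example).

Truncating SHA-1 to TRUNC_BYTES is an assumption made so the searches
finish quickly; it illustrates the cost gap, not the real attack.
"""
import hashlib

TRUNC_BYTES = 4  # 32-bit tag: birthday bound ~2**16, exhaustive ~2**32


def tag(msg: bytes) -> bytes:
    """Truncated SHA-1: the toy 'hash' used by both searches."""
    return hashlib.sha1(msg).digest()[:TRUNC_BYTES]


def find_collision(limit: int = 1 << 20):
    """Question 1 scenario: the attacker chooses both A and B.

    Birthday search: remember every tag seen and stop at the first repeat.
    Returns (A, B, attempts), or None if the budget runs out.
    """
    seen = {}
    for i in range(limit):
        m = b"msg-%d" % i  # constructed, attacker-chosen messages
        t = tag(m)
        if t in seen:
            return seen[t], m, i + 1
        seen[t] = m
    return None


def find_second_preimage(fixed: bytes, limit: int = 1 << 16):
    """Question 2 scenario: A was fixed by someone else; attacker needs B.

    No birthday shortcut: every candidate is compared against one target
    tag, so the expected cost is the full 2**(8*TRUNC_BYTES) evaluations.
    Returns (B, attempts), or None if the budget runs out.
    """
    target = tag(fixed)
    for i in range(limit):
        m = b"forged-%d" % i  # constructed candidates
        if m != fixed and tag(m) == target:
            return m, i + 1
    return None


if __name__ == "__main__":
    a, b, n = find_collision()
    print(f"collision after {n} tries: {a!r} / {b!r}, tag {tag(a).hex()}")
    print("second preimage within 2**16 tries:",
          find_second_preimage(b"I already wrote this"))
```

The collision search succeeds after roughly 2**16 hashes while the second-preimage search almost always exhausts its budget, which is the gap between "currently yes" and "currently no" in the reply.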
