Hi,

On 08/18/2004 04:01 PM, Shachar Shemesh wrote:

> Also, I wrote a newbie-friendly explanation of what happens there in my
> blog. http://www.israblog.co.il/35850.
... which includes:

----
[Hebrew excerpt quoted from the blog post; the text did not survive in this archive copy]
----

As far as I can tell, the current attacks only let you choose an arbitrary prefix and obtain two messages, having the same hash, that are "random-looking" except for both having the chosen prefix. How is this sufficient for performing the cheating you describe?

Also, in regard to your taxonomy, one can also distinguish between finding a preimage given a hash, and finding a *second* preimage of the hash of a given message. In general the latter may be easier. For example, consider the Rabin one-way function (i.e., squaring modulo a nasty prime); we don't know how to efficiently compute the modular square root of a given number, but given one square root it only takes one keystroke to find another one. Of course, that's not a secure hash function for quite a few other reasons, but it's quite thinkable that some common hash functions have similar properties.

Eran

--------------------------------------------------------------------------
Haifa Linux Club Mailing List (http://www.haifux.org)
To unsub send an empty message to [EMAIL PROTECTED]
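A worked illustration of the Rabin remark in the mail above, added here as an example and not taken from Eran's message or from Shachar's blog. It uses Rabin's function in its standard form, squaring modulo N = P*Q for two primes; the toy primes 1019 and 1031 and the input 4242 are constructed for this example and are far too small for real use. It shows the three facts the mail relies on: a second preimage of x is just N - x, inverting the function from scratch needs the trapdoor (the factors of N), and any pair of preimages other than x and N - x factors N, which is why a collision finder for this function is a factoring algorithm.

```python
# Added example (not from Eran's mail or Shachar's blog): the Rabin
# squaring function x -> x^2 mod N, N = P*Q, treated as a toy "hash".
# Second preimages are a one-line computation; first preimages need the
# trapdoor; a non-trivial pair of preimages leaks the factorisation.
from math import gcd

# Constructed toy parameters, chosen tiny so the example runs instantly.
# Both primes are 3 mod 4 so modular square roots have a closed form.
# Real Rabin moduli are thousands of bits; these are for illustration only.
P, Q = 1019, 1031
N = P * Q
assert P % 4 == 3 and Q % 4 == 3


def rabin(x: int) -> int:
    """The one-way function: square modulo N."""
    return pow(x, 2, N)


def second_preimage(x: int) -> int:
    """Given one preimage x, another is N - x, since (N - x)^2 = x^2 (mod N)."""
    return (N - x) % N


def _crt(rp: int, rq: int) -> int:
    """Combine a residue mod P and a residue mod Q into one residue mod N."""
    t = ((rq - rp) * pow(P, -1, Q)) % Q
    return (rp + P * t) % N


def all_square_roots(h: int) -> list[int]:
    """Trapdoor inversion: with P and Q known, recover all four roots of h.

    For a prime p = 3 (mod 4) and a quadratic residue h, one root is
    h^((p+1)/4) mod p and the other is its negative. Combining the two
    choices mod P with the two choices mod Q via CRT gives four roots.
    Without P and Q this step is believed to be as hard as factoring N.
    """
    rp = pow(h, (P + 1) // 4, P)
    rq = pow(h, (Q + 1) // 4, Q)
    roots = {_crt(sp, sq) for sp in (rp, P - rp) for sq in (rq, Q - rq)}
    return sorted(roots)


def factor_from_collision(x: int, y: int):
    """Two preimages with y != +-x (mod N) split N: gcd(x - y, N) is P or Q.

    Returns the factor, or None when the pair is the trivial x, N - x.
    """
    g = gcd(x - y, N)
    return g if 1 < g < N else None


if __name__ == "__main__":
    x = 4242                        # any x coprime to N
    h = rabin(x)
    y = second_preimage(x)
    print(f"rabin({x}) = {h}, rabin({y}) = {rabin(y)}  (trivial second preimage)")
    roots = all_square_roots(h)
    print("all roots via the trapdoor:", roots)
    other = next(r for r in roots if r not in (x, y))
    print("non-trivial root pair factors N:", factor_from_collision(x, other))
```

The "one keystroke" in the mail is the minus sign in `second_preimage`: no secret is needed to go from one root to its negative, whereas `all_square_roots` only works because the code knows P and Q. The last function is the classic reduction: whoever can produce a root that is not x or N - x has factored the modulus.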
