On 19/02/13 23:49, Kjell Braden wrote:
> On 2013-02-19 23:05, Michael Rogers wrote:
>> based on the first 80 bits of the hash of the service's public
>> key, so a collision can be generated after an expected 2^80
>> attempts.
>
> Some nitpicking: with the birthday attack you can find collisions
> on an n-bit hash function using 2^(n/2) evaluations with
> probability > 1/2. This means you only need 2^40 attempts to find
> collisions with a probability higher than 1/2.

As far as I understand it (which isn't very far), you can find a
preimage that collides with a given hash in 2^n attempts, or two
preimages that collide with each other in 2^(n/2) attempts. The former
could be used to generate a bogus key for a given hostname. I don't see
how the latter could be used to attack hidden services (though that
doesn't mean it couldn't).

Cheers,
Michael

_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
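
The following is an added example, not part of the original message or of any project's code. It measures the two costs discussed above on SHA-1 truncated to 16 bits instead of 80 so that both searches finish quickly; the byte strings are constructed stand-ins for public keys, and the function names are hypothetical.

```python
import hashlib
from itertools import count


def truncated_hash(data: bytes, bits: int) -> int:
    """Return the first `bits` bits of SHA-1(data) as an integer."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)


def find_collision(bits: int):
    """Birthday search: ANY two distinct inputs sharing a truncated hash.

    Expected cost is on the order of 2^(bits/2) hash evaluations, because
    every new candidate is compared against all earlier ones at once.
    """
    seen = {}
    for attempts in count(1):
        candidate = b"constructed-key-a-%d" % attempts
        h = truncated_hash(candidate, bits)
        if h in seen:
            return seen[h], candidate, attempts
        seen[h] = candidate


def find_match_for_target(target: bytes, bits: int):
    """Search for a different input matching ONE fixed target's truncated hash.

    Expected cost is on the order of 2^bits evaluations, because each
    candidate has only a 1-in-2^bits chance of hitting that one value.
    This is the case that matters for impersonating an existing name.
    """
    wanted = truncated_hash(target, bits)
    for attempts in count(1):
        candidate = b"constructed-key-b-%d" % attempts
        if truncated_hash(candidate, bits) == wanted:
            return candidate, attempts


if __name__ == "__main__":
    BITS = 16  # toy size; the thread discusses 80 bits
    victim = b"constructed-victim-key"
    a, b, n_collision = find_collision(BITS)
    forged, n_target = find_match_for_target(victim, BITS)
    print(f"collision between two free inputs: {n_collision} attempts "
          f"(order 2^{BITS // 2} = {2 ** (BITS // 2)})")
    print(f"match for one fixed target:        {n_target} attempts "
          f"(order 2^{BITS} = {2 ** BITS})")
```

Scaling the exponents back up gives the 2^40 and 2^80 figures in the thread: the cheaper search yields two colliding inputs that are both chosen by the searcher, not a match for a name that already exists.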