On 2013-02-20 00:59, Michael Rogers wrote:
On 19/02/13 23:49, Kjell Braden wrote:
On 2013-02-19 23:05, Michael Rogers wrote:
based on the first 80 bits of the hash of the service's public
key, so a collision can be generated after an expected 2^80
attempts.
Some nitpicking: with the birthday attack you can find collisions
on a n-bit hash function using 2^(n/2) evaluations with
probability
1/2. This means, you only need 2^40 attempts to find collisions
with a probability higher than 1/2.
As far as I understand it (which isn't very far), you can find a
preimage that collides with a given hash in 2^n attempts, or two
preimages that collide with each other in 2^(n/2) attempts. The former
could be used to generate a bogus key for a given hostname. I don't
see how the latter could be used to attack hidden services (though
that doesn't mean it couldn't).
Ooops. I knew I forgot something... Well, it's late here.
--
Kjell
_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
