>From: Eric Rescorla <[EMAIL PROTECTED]> Sent: Jun 14, 2005 9:36 AM
>Subject: Re: Collisions for hash functions: how to exlain them to
>your boss
[Discussing the MD5 attacks and their practicality, especially the
recent postscript demonstration.]
...
>But everything you
John Kelsey <[EMAIL PROTECTED]> writes:
>>From: Eric Rescorla <[EMAIL PROTECTED]>
>>Sent: Jun 13, 2005 5:09 PM
>>To: "Weger, B.M.M. de" <[EMAIL PROTECTED]>
>>Cc: cryptography@metzdowd.com,
>> Stefan Lucks <[EMAIL PROTECTED]>
>From: Eric Rescorla <[EMAIL PROTECTED]>
>Sent: Jun 13, 2005 5:09 PM
>To: "Weger, B.M.M. de" <[EMAIL PROTECTED]>
>Cc: cryptography@metzdowd.com,
> Stefan Lucks <[EMAIL PROTECTED]>
>Subject: Re: Collisions for hash functions: how to exlain them
"Weger, B.M.M. de" <[EMAIL PROTECTED]> writes:
>
> Technically speaking you're correct, they're signing a program.
> But most people, certainly non-techies like Alice's boss,
> view postscript (or MS Word, or format that allows macros>) files not as programs but as static
> data. In being targete
On 6/13/05, Eric Rescorla <[EMAIL PROTECTED]> wrote:
> While this is a clever idea, I'm not sure that it means what you imply
> it means. The primary thing that makes your attack work is that the
> victim is signing a program which he is only able to observe mediated
> through his viewer. But once
w: http://www.win.tue.nl/~bdeweger
=
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Eric Rescorla
> Sent: maandag 13 juni 2005 17:05
> To: Stefan Lucks
> Cc: cryptography@metzdowd.com
> Subje
Stefan Lucks <[EMAIL PROTECTED]> writes:
> Magnus Daum and myself have generated MD5-collisons for PostScript files:
>
> http://th.informatik.uni-mannheim.de/people/lucks/HashCollisions/
>
> This work is somewhat similar to the work from Mikle and Kaminsky, except
> that our colliding files are