
Comments on: Crypto researchers abuzz over flaws

Presenters at the Crypto 2004 conference identify faster ways to forge digital signatures with popular security algorithms.

What's the commotion all about?
by August 18, 2004 3:27 AM PDT
Obviously, since MD5 is restricted to 128 bits, collisions will occur. The question is, however, can these collisions be useful - how easy is it for me to forge another document that has the same signature as the original one AND be similar enough as not to stand out as a forgery AND contain the "bias" that I want (e.g., increase the sum that must be paid to me in a contract). I suspect that it is virtually impossible for all practical purposes, so besides being an interesting academic issue I fail to see any imminent danger from it...
.
by August 18, 2004 11:26 AM PDT
You're correct. It will be difficult to forge a document's signature and not have it stand out. However, I believe the security implication lies in systems such as secure transactions using SSL, where it uses signed certificates to secure transactions. And from a person's viewpoint, a certificate just looks like a bunch of random bits. In SSL, suppose a person wants to make a secure payment with his VISA to, for example, amazon.com. What happens here is that the person will receive a digitally signed certificate, which will identify the secure transaction. Now with the ability to find such collisions, an attacker can do this: generate 2 certificates (1 legit, 1 spoof of amazon.com) with the same MD5sum. He then sends the legit certificate to a certified authority such as VeriSign and gets it signed. Then he detaches the signature from the legit one, and places it on the spoofed amazon.com certificate. Now he has a perfectly valid certificate to pretend to be amazon.
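An added illustration of the signature-transfer scenario in the comment above (not part of any commenter's post): because a hash-and-sign scheme signs only the digest, a signature issued for one input verifies for any other input with the same digest. Assumptions: MD5 is truncated to 24 bits so a birthday search finishes instantly, HMAC stands in for the CA's signature, and all names and keys are constructed.

```python
import hashlib
import hmac

DIGEST_BYTES = 3                      # assumption: 24-bit truncation, demo only
CA_KEY = b"constructed-demo-ca-key"   # constructed stand-in for a CA private key


def weak_digest(msg: bytes) -> bytes:
    """MD5 cut down to 24 bits so collisions are cheap to find."""
    return hashlib.md5(msg).digest()[:DIGEST_BYTES]


def strong_digest(msg: bytes) -> bytes:
    """Collision-resistant digest for comparison."""
    return hashlib.sha256(msg).digest()


def ca_sign(msg: bytes, digest_fn) -> bytes:
    """Hash-and-sign: the signature covers the digest, never the message."""
    return hmac.new(CA_KEY, digest_fn(msg), hashlib.sha256).digest()


def verify(msg: bytes, sig: bytes, digest_fn) -> bool:
    return hmac.compare_digest(ca_sign(msg, digest_fn), sig)


def find_colliding_pair(prefix_a: bytes, prefix_b: bytes, digest_fn):
    """Birthday search: vary a counter suffix on both prefixes until digests match."""
    seen = {}
    i = 0
    while True:
        a = prefix_a + str(i).encode()
        seen[digest_fn(a)] = a
        b = prefix_b + str(i).encode()
        hit = seen.get(digest_fn(b))
        if hit is not None:
            return hit, b
        i += 1


def demo():
    # Constructed certificate-like strings; hostnames are placeholders.
    requested, spoofed = find_colliding_pair(
        b"CN=requester.example.test;serial=",
        b"CN=shop.example.test;serial=",
        weak_digest,
    )
    sig_weak = ca_sign(requested, weak_digest)      # CA signs what it was shown
    sig_strong = ca_sign(requested, strong_digest)
    return (requested, spoofed,
            verify(spoofed, sig_weak, weak_digest),      # True: signature transfers
            verify(spoofed, sig_strong, strong_digest))  # False: digests differ
```

The same search against a full-length collision-resistant digest does not terminate in practice, which is why the digest algorithm a signer accepts matters as much as the signature algorithm.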
Small remark
by August 19, 2004 12:08 AM PDT
The article states that when someone is able to generate a hash collision, he is also capable of changing code to add backdoors etc. Well, isn't it so that it would be very coincidental that a hash collision also would be valid code that opens a backdoor? It's not that you can choose what kind of changes you can make to create a hash collision, right? So in practice this would not be possible if you ask me.
What replaces MD5?
by August 19, 2004 2:56 PM PDT
The story suggested moving away from MD5. What are the alternatives?
Joux did SHA-0 not MD5
by pamdcoy August 23, 2004 12:53 AM PDT
The Chinese researchers did MD5.