On Tue, 29 Aug 2006, Harry Duncan wrote:
> schemes exist for the generation of _meaningful_ collisions in
> both MD5 and SHA1, the whole basis for trust, and trust paths /
> chains is out the window.
That really depends on the mode they're used in...
The attacks require the attacker to control (in sense of being able
to modify arbitrarily) /both/ sets of data for which a collision is
desired. There is still no known first or second preimage attack on
either MD5 or SHA-1, TTBOMK.
For public-key and MAC mode signatures, this means the attack is only
meaningful if the attacker knows the secret key (the digest value is
immutable unless one knows the secret key) in which case, the
weakness in the digest algo makes no difference.
- So are these digest algorithms now weak?
Yes.
- Is any use of these algorithms now insecure?
That depends, for certain uses:
Yes.
But for many *common* uses of these algorithms:
No.
- Might the known weaknesses be extended in future to fully break
these algos?
Maybe, maybe not.
To paraphrase one notable cryptologist: "Walk, but no need yet to run
in panic, to the exit".
See RFC4270 for a summary discussion of the implications of these
attacks, co-authored by aforementioned notable cryptologist.
(note carefully that the PKIX attack does not affect the validity of
signatures made with public keys in any way).
regards,
--
Paul Jakma paul at clubi.ie, paul at jakma.org Key ID: 64A2FF6A
Fortune:
He who attacks the fundamentals of the American broadcasting industry
attacks democracy itself.
-- William S. Paley, chairman of CBS
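The distinction the reply draws (collision search, where the attacker chooses both inputs, versus matching a digest someone else fixed, versus a keyed MAC the attacker cannot evaluate at all) as an added, runnable illustration that is not part of the thread. It assumes a toy hash (SHA-256 truncated to 16 bits so the searches finish instantly) and a constructed sample key; the absolute counts are toy-sized, the ratio 2^(n/2) versus 2^n is the point.

```python
import hashlib
import hmac

# Toy digest: SHA-256 truncated to BITS bits (assumption for speed; MD5 and
# SHA-1 are 128/160 bits, but the cost ratio below is what matters).
BITS = 16

def toy_hash(data):
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big") >> (32 - BITS)

def find_collision():
    """Birthday search: the attacker controls BOTH inputs, ~2^(BITS/2) tries."""
    seen = {}
    i = 0
    while True:
        m = b"attacker-chosen-%d" % i
        h = toy_hash(m)
        if h in seen:
            return seen[h], m, i + 1      # two distinct inputs, same digest
        seen[h] = m
        i += 1

def find_second_preimage(target):
    """Target digest is FIXED by someone else: brute force, ~2^BITS tries."""
    want = toy_hash(target)
    i = 0
    while True:
        m = b"forgery-%d" % i
        if m != target and toy_hash(m) == want:
            return m, i + 1
        i += 1

def keyed_digest(key, data):
    """MAC mode: without the key the attacker cannot even compute this,
    so no offline search is possible (full-length HMAC-SHA256 used here)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def demo():
    a, b, n_coll = find_collision()
    forged, n_pre = find_second_preimage(b"signed contract v1")
    key = b"secret-key-only-the-signer-has"  # constructed sample key
    return {
        "collision_tries": n_coll,               # hundreds
        "second_preimage_tries": n_pre,          # tens of thousands
        "collision_survives_keying": keyed_digest(key, a) == keyed_digest(key, b),
    }
```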