LINUX.IE, website of the Irish Linux Users' Group
[ILUG] SSH dictionary attacks.

Owen O' Shaughnessy owen.oshaughnessy at gmail.com
Tue Aug 29 20:54:04 IST 2006


paul at clubi.ie wrote:
> On Tue, 29 Aug 2006, Harry Duncan wrote:
>
>> schemes exist for the generation of _meaningful_ collisions in
>> both MD5 and SHA1, the whole basis for trust, and trust paths /
>> chains is out the window.
>
> That really depends on the mode they're used in...
>
> The attacks require the attacker to control (in sense of being able
> to modify arbitrarily) /both/ sets of data for which a collision is
> desired. There is still no known first or second preimage attack on
> either MD5 or SHA-1, TTBOMK.
>
> For public-key and MAC mode signatures, this means the attack is only
> meaningful if the attacker knows the secret key (the digest value is
> immutable unless one knows the secret key) in which case, the
> weakness in the digest algo makes no difference.

Your degree of verbosity on the subject far exceeds my understanding
of both the topic and the English language, but from the limited
knowledge that I do have of both, I understand that the basis for a
collision attack on the ciphers is always based on using two distinct
private keys, and not one as you suggest.

However, that is unimportant in the scheme of the latest attack. The
notion put forward is that two distinct keys can sign different
"meaningful" messages and end up with the same digital signature. The
attack is based on HTML rendering of the data, and hiding "garbage" in
the unrendered metadata in the file. So, the messages are only
meaningful when viewed as rendered data in a html viewer, but the raw
data reveals any amount of meaningless data making the attack readily
identifiable.

The solution to this problem is much simpler than Proinnsias's dual
signature approach: you simply need to take the file size into
consideration to beat this attack, as the attack will not render two
files of identical file size. This would render all variations on the
attack, i.e. when it's taken outside the realm of HTML, useless.

The world of cryptography is therefore saved without any miraculous
intervention from the world of mathematics or the superior knowledge of
Jackma & Co ;-D

Regards,

Owen.
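The distinction Paul draws in the quoted reply, that a collision attack needs the attacker to choose both inputs while no first or second preimage attack is known, is easiest to see with numbers. The following is an added example written for this archive page, not code from anyone in the thread. It assumes a toy hash (SHA-256 truncated to 20 bits) so that both searches finish quickly; the message prefixes, the sample document and the trial limit are constructed values.

```python
from __future__ import annotations

import hashlib
from typing import Dict, Optional, Tuple

# Width of the toy digest. A real digest is 128 (MD5) or 160 (SHA-1) bits;
# 20 bits keeps the searches below fast while preserving the asymmetry
# between the two kinds of attack.
TRUNC_BITS = 20
DOMAIN = 1 << TRUNC_BITS


def toy_digest(data: bytes) -> int:
    """Truncated SHA-256, standing in for a hash with a small output (assumption)."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full & (DOMAIN - 1)


def find_collision(prefix: bytes = b"attacker-chosen-") -> Tuple[bytes, bytes, int]:
    """Birthday search: the attacker controls BOTH inputs, so any pair that
    happens to collide is acceptable. Expected work is about sqrt(DOMAIN)
    trials (roughly a thousand here). Returns (message_a, message_b, trials)."""
    seen: Dict[int, bytes] = {}
    trials = 0
    while True:
        trials += 1
        candidate = prefix + str(trials).encode()
        d = toy_digest(candidate)
        if d in seen:
            # The stored message was produced on an earlier trial, so it differs.
            return seen[d], candidate, trials
        seen[d] = candidate


def find_second_preimage(target: bytes, limit: int = DOMAIN // 64,
                         prefix: bytes = b"forgery-") -> Tuple[Optional[bytes], int]:
    """Second-preimage search: the target was fixed by someone else, so the
    attacker must hit one specific digest value. Expected work is about
    DOMAIN trials; with the limit at DOMAIN/64 the search almost always
    gives up. Returns (matching_message_or_None, trials_spent)."""
    want = toy_digest(target)
    for i in range(1, limit + 1):
        candidate = prefix + str(i).encode()
        if candidate != target and toy_digest(candidate) == want:
            return candidate, i
    return None, limit


if __name__ == "__main__":
    a, b, n = find_collision()
    print(f"collision after {n} trials: {a!r} and {b!r} -> {toy_digest(a):#07x}")
    # Constructed sample: a document the attacker did not write and cannot change.
    doc = b"document signed by a third party (constructed sample)"
    hit, spent = find_second_preimage(doc)
    print(f"second preimage of the fixed document after {spent} trials: {hit!r}")
```

Run it and the collision turns up after on the order of a thousand trials, while the second-preimage search for a document someone else already signed gives up after 16,384 trials with nothing to show. Both colliding messages carry the attacker's own prefix, which is the point of the quoted reply: a collision pair lets an attacker who can author both documents get them signed under one digest, but it does not let them substitute their own file for one a third party has already signed.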


