To be more precise: Your odds of getting a modulus that you can divide by something are very high. Your odds of getting a modulus that you can factor efficiently are very low.
William > -----Original Message----- > From: Matt Crawford [mailto:[EMAIL PROTECTED] > Sent: Monday, August 30, 2004 11:47 AM > To: Ian Grigg > Cc: Daniel Carosone; crypto > Subject: Re: How thorough are the hash breaks, anyway? > > > >> certificates. The public key data is public, and it's a "random" > >> bitpattern where nobody would ever notice a few different bits. > >> If someone finds a collision for microsoft's windows > update cert (or a > >> number of other possibilities), and the fan is well and > truly buried > >> in it. > > > > Correct me if I'm wrong ... but once finding > > a hash collision on a public key, you'd also > > need to find a matching private key, right? > > But the odds are that you'd get an easy-to-factor modulus. Would the > casual relying party ever notice that? I think not. > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to > [EMAIL PROTECTED] > --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]