What about in session setup? On Sun, Aug 27, 2006 at 12:49:23PM +0100, Michael Rogers wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > freenetwork at web.de wrote: > > Hash function SHA-1 in distress > > As worrying as this is, I don't think it affects Freenet yet. The attack > undermines the collision-resistance of the hash function, but as far as > I know Freenet only makes use of second-preimage-resistance. > > Collision-resistance means it's hard to find two messages x and y such > that h(x) == h(y), whereas second-preimage-resistance means that given a > message x or a hash h(x), it's hard to find a second message y such that > h(x) == h(y). The difference is that in the first case the attacker can > manipulate both messages until the hashes match, which is how this > attack seems to work, whereas in the second case the attacker can only > manipulate one of the messages. > > If collision-resistance is broken, an attacker can: > > * Generate two different CHK blocks with the same key > * Generate two different SSK keypairs with the same hash > * Generate two different KSK names with the same keypair > > As far as I can tell, none of these attacks would allow the attacker to > delete or modify existing data... can anyone think of any others? > > Cheers, > Michael > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.5 (GNU/Linux) > > iD8DBQFE8YbDyua14OQlJ3sRAjgYAKCsBVHtRyMRtlUnIw3w+Xgp1Ke0VwCgrE66 > 3iNSTHEEiG8SbpB7Mmw1i9k= > =xuRd > -----END PGP SIGNATURE----- > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl >
-- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060830/378b98b0/attachment.pgp>
