On Thu, Aug 28, 2008 at 11:03:01PM -0700, SJS wrote:
> (Plus, there are now "new" attacks on hashing functions, so the "hash a secret" technique might not last for too much longer. Whee!)

The hashes are still secure as long as the attacker doesn't get to choose the secret. The current attacks allow generation of multiple source texts that produce the same hash (which is not previously defined). This is very different than finding a source text that produces a specific hash. The broken hashes aren't useful for signature purposes, since the attack allows two arbitrarily modified documents to produce the same signature.

David

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
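The distinction drawn in the reply above (finding any two texts that collide versus finding a text for one specific hash), as an added example that is not part of the original email. SHA-256 truncated to 20 bits stands in as a deliberately weak toy hash; `toy_hash`, `SECRET` and the sample messages are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 20  # assumption: digest truncated so both searches finish in seconds
SECRET = b"constructed-secret-value"  # constructed sample; the searcher does not pick it

def toy_hash(msg: bytes) -> int:
    """Top BITS bits of SHA-256: a deliberately weak stand-in hash."""
    word = int.from_bytes(hashlib.sha256(msg).digest()[:4], "big")
    return word >> (32 - BITS)

def find_collision():
    """Searcher picks BOTH texts: birthday search, about 2**(BITS/2) hashes."""
    seen = {}
    for tries in count(1):
        msg = b"doc-%d" % tries
        digest = toy_hash(msg)
        if digest in seen:
            return seen[digest], msg, tries
        seen[digest] = msg

def find_preimage(target: int):
    """Target fixed by someone else: brute force, about 2**BITS hashes."""
    for tries in count(1):
        msg = b"guess-%d" % tries
        if toy_hash(msg) == target:
            return msg, tries

if __name__ == "__main__":
    a, b, n_col = find_collision()
    print(f"collision after {n_col} hashes: {a!r} / {b!r}")
    guess, n_pre = find_preimage(toy_hash(SECRET))
    print(f"preimage of the secret's hash after {n_pre} hashes: {guess!r}")
```

The work gap between the two searches is the square root of the digest space, which is why a hash can lose collision resistance (and with it suitability for signing attacker-influenced documents) while a hash of an unchosen secret remains hard to match.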
