begin  quoting David Brown as of Fri, Aug 29, 2008 at 12:04:50AM -0700:
> On Thu, Aug 28, 2008 at 11:03:01PM -0700, SJS wrote:
> 
> >(Plus, there are now "new" attacks on hashing functions, so the 
> >"hash a secret" technique might not last for too much longer. Whee!)
> 
> The hashes are still secure as long as the attacker doesn't get to
> choose the secret.

Well, when you have a counter or a timestamp, you've got a
partially-known plaintext.  I shudder to think about how much
effort it would take to extract a key with such means...

> The current attacks allow generation of multiple source texts that
> produce the same hash (which is not previously defined).  This is very
> different than finding a source text that produces a specific hash.

Which also doesn't seem like it would offer much help against the
SecurID technique, since what you're looking for there is the key to
the hash that will let you replicate a sequence.

> The broken hashes aren't useful for signature purposes, since the
> attack allows two arbitrarily modified documents to produce the same
> signature.

I lost your point at "since".

-- 
Too tired to engage brain. +++OUT OF CHEESE ERROR+++
Stewart Stremler
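
The distinction drawn in the quoted text, between generating two texts that share a hash and finding a text that produces a specific hash, as an added example that is not part of the original message. It uses SHA-256 truncated to 16 bits (an assumption chosen so both searches finish quickly) and plain brute force, so it shows the generic cost gap between the two problems rather than the cryptanalytic attacks the thread refers to; all function names and messages are constructed.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption) so both searches finish in moments


def toy_hash(msg: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of SHA-256(msg): a deliberately tiny hash."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int = BITS):
    """Searcher picks BOTH messages: any two inputs with equal digests."""
    seen = {}  # digest -> first message that produced it
    for tries in count(1):
        msg = b"doc-%d" % tries  # constructed message
        d = toy_hash(msg, bits)
        if d in seen:
            return seen[d], msg, tries
        seen[d] = msg


def find_preimage(target: int, bits: int = BITS):
    """Searcher must hit ONE digest that was fixed in advance."""
    for tries in count(1):
        msg = b"guess-%d" % tries  # constructed message
        if toy_hash(msg, bits) == target:
            return msg, tries


if __name__ == "__main__":
    a, b, c_tries = find_collision()
    # Constructed stand-in for a digest the searcher did not choose.
    target = toy_hash(b"constructed secret || counter")
    m, p_tries = find_preimage(target)
    print(f"collision after {c_tries} hashes: {a!r} / {b!r}")
    print(f"preimage  after {p_tries} hashes: {m!r}")
    print(f"expected order: ~2^{BITS // 2} vs ~2^{BITS} hashes")
```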


-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
