Cryptography Reference
In-Depth Information
from Bob, and checks the VeriSign certificate for the key. Everything
appears in order.
Bob refuses to pay his debts, stating that he had not signed. In court, he
shows key A with the valid certificate. An inquiry with VeriSign shows
that A had actually been there for verification. However, A does not
verify the signature on Alice's contract, which means that the signature is invalid.
If the judge had read this topic, he would have understood immediately that
Bob must have cheated, because the two keys, A and B, could have been
constructed only together — it is still not possible to calculate B for a given
A. Furthermore, the parameters of B are unusual (different bit numbers of
the two prime factors). But I wouldn't rely on such knowledge in court. The
consequence is that one should make sure X.509 certificates are not signed
using MD5, but at least using SHA-1 or even better SHA-256.
Another practical example is the creation of pairs of self-extracting archives
with identical MD5 checksums, as demonstrated in [Mikle]: a malicious
employee creates two such archives. The collision is hidden in a part of the data
not used otherwise. A modified code for extracting the archive tests which of
the two versions is present, and unpacks different archives or files, depending
on the version found. Version 1 is deemed in order and to be published on
the Web. The malicious employee, however, publishes Version 2 on the Net
(which only appears to be the one tested because it creates the same MD5
sum), and this version proliferates malicious software. The consequence is that
you should trust only SHA-1 checksums, or better yet SHA-256, if you cannot
trust the creator of the archive.
The new findings discussed in the previous section have no impact on HMAC
checksums. These are special MACs (i.e., checksums protected by secret keys),
which are computed by the following scheme [MenOoVan, 9.5.2]:
HMAC(msg) = hash(key || pad1 || hash(key || pad2 || msg))
where ' || ' denotes bitwise appending (concatenation), and pad1 and pad2 are fixed bit
sequences. Other sources state XOR instead of ' || ' (search the Net for 'RFC
2104'). key is the secret key. You can find more information on how to build
hash functions and about the impact of cryptanalysis in [Wobhash] and in
Wikipedia articles.
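The XOR form of this scheme as given in RFC 2104, written out step by step as an added example (not code from the book). It assumes pad1 is the RFC's outer pad (bytes of 0x5c) and pad2 its inner pad (bytes of 0x36); the function names, key and message are constructed for illustration.

```python
import hashlib
import hmac

IPAD = 0x36  # inner pad byte, pad2 in the text's notation (assumed mapping)
OPAD = 0x5C  # outer pad byte, pad1 in the text's notation (assumed mapping)

def hmac_rfc2104(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC per RFC 2104: hash((K ^ opad) || hash((K ^ ipad) || msg))."""
    block_size = hashlib.new(hash_name).block_size
    # Keys longer than one hash block are replaced by their digest first.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    # Shorter keys are zero-padded to exactly one block.
    key = key.ljust(block_size, b"\x00")
    inner_key = bytes(b ^ IPAD for b in key)
    outer_key = bytes(b ^ OPAD for b in key)
    inner = hashlib.new(hash_name, inner_key + msg).digest()
    return hashlib.new(hash_name, outer_key + inner).digest()

def verify_tag(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Recompute the tag and compare in constant time to avoid a timing oracle."""
    return hmac.compare_digest(hmac_rfc2104(key, msg, hash_name), tag)

# Constructed sample values, not taken from the book.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_MSG = b"Bob owes Alice 100 units"

def demo() -> dict:
    """Tag a message, then check the original and an altered copy."""
    tag = hmac_rfc2104(SAMPLE_KEY, SAMPLE_MSG)
    return {
        "matches_stdlib": tag == hmac.new(SAMPLE_KEY, SAMPLE_MSG, hashlib.sha256).digest(),
        "original_ok": verify_tag(SAMPLE_KEY, SAMPLE_MSG, tag),
        "altered_ok": verify_tag(SAMPLE_KEY, SAMPLE_MSG.replace(b"100", b"900"), tag),
        "wrong_key_ok": verify_tag(b"other-key", SAMPLE_MSG, tag),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Without the secret key, a party who can produce hash collisions still cannot compute either the inner or the outer hash input, which is why the tag check rejects both the altered message and the wrong key.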
 