Here's a nifty article that tells a little story to demonstrate how collisions in hash functions can be used to attack cryptographic protocols such as digital signatures.
Some key points about the attack:
- The attacker created both the original (signed) document and the forgery. It's a lot easier to engineer two messages that hash to the same value if you can vary both messages arbitrarily.
- Some recent advances in attacks on MD5 were used in this attack.
- If Caesar had made a trivial change to the document before signing it, he would have foiled the attack.
If you're building systems that rely on digital signatures, you'd be wise to consider this type of attack. In my early studies of crypto protocols, I recall learning that signing an untrusted document (i.e. a document that you or a friend did not create) is a really bad idea, and this attack is an example that proves that point nicely.
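As an added example that is not part of the original post, here is a toy Python model of the attack and of the defence the third key point describes. The "hash" is SHA-256 truncated to 24 bits so that a collision is found in seconds (real MD5 collisions need the cryptanalysis the article refers to), an HMAC stands in for a signature over the digest, and all keys, names and document texts are constructed.

```python
import hashlib
import hmac
import os
TRUNC = 3  # digest bytes kept: deliberately weak so the toy collision is cheap to find

def weak_hash(msg: bytes) -> bytes:
    """Stand-in for a broken hash (MD5 in the story): SHA-256 cut to 24 bits."""
    return hashlib.sha256(msg).digest()[:TRUNC]

def attacker_builds_pair(benign_template: str, malicious_template: str):
    """Return (benign, malicious) documents with equal weak_hash. The attacker
    varies a free field in BOTH documents: a cheap birthday search, not a second preimage."""
    benign_seen, malicious_seen = {}, {}
    for i in range(1 << 20):
        tag = f"ref-{i:08x}"  # the innocuous field the attacker is free to vary
        b = benign_template.format(filler=tag).encode()
        m = malicious_template.format(filler=tag).encode()
        hb, hm = weak_hash(b), weak_hash(m)
        if hb == hm:
            return b, m
        if hb in malicious_seen:
            return b, malicious_seen[hb]
        if hm in benign_seen:
            return benign_seen[hm], m
        benign_seen[hb], malicious_seen[hm] = b, m
    raise RuntimeError("no collision found")

def sign(key: bytes, doc: bytes) -> bytes:
    return hmac.new(key, weak_hash(doc), "sha256").digest()  # signs the digest, not the text

def verify(key: bytes, doc: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, doc), sig)

def sign_with_tweak(key: bytes, doc: bytes, tweak: bytes = None):
    """Caesar's defence: an unpredictable trivial change before signing; returns (signed_doc, sig)."""
    tweak = os.urandom(8).hex().encode() if tweak is None else tweak
    signed_doc = doc + b"\n-- signed, ref " + tweak
    return signed_doc, sign(key, signed_doc)

def demo():
    key = b"constructed-signer-key"  # constructed key for the toy signature
    benign, malicious = attacker_builds_pair(
        "Letter of recommendation for Alice. Ref {filler}.",
        "Alice may draw 10,000 gold from the treasury. Ref {filler}.")
    sig = sign(key, benign)                    # the signer signs exactly what he was shown
    forged_ok = verify(key, malicious, sig)    # True: the forgery carries a valid signature
    signed_doc, sig2 = sign_with_tweak(key, benign)
    forgery2 = malicious + signed_doc[len(benign):]  # attacker copies the tweak across
    defended_ok = verify(key, forgery2, sig2)  # False (except with probability 2^-24)
    return forged_ok, defended_ok
```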
Posted Jun 23 2005, 02:44 PM by keith-brown