[Nottingham] Can't remember the term for a cryptographic technique...

Martin martin at ml1.co.uk
Wed May 28 09:44:42 BST 2008


Danny King wrote:
[...]
> Alice creates a cyphertext from her secret message and gives Bob key1
> and Fred key2. Bob uses key1 to decode the true message whilst Fred
> uses key2 on the same cyphertext to decode a different but still
> conceivable message.
> 
> Can anyone help me to remember the name of this practice? I've been
> googling and wikipeding for an hour with no success!

Second thoughts...

Are you touching on the md5 hash clash trick whereby you can have two
subtly different digitally signed attachments that have the SAME md5
signature?...

The trick with that is to use something such as a pdf with a simple
conditional in there so that you get one or the other of a number of
messages depending on how you tweak the conditional. The conditional is
tweaked in such a way that the text required to change the code *still
generates the SAME md5 sum* for that attachment.

See:
http://en.wikipedia.org/wiki/Digest_access_authentication
http://en.wikipedia.org/wiki/Hash_collision

"The collisions against MD4, MD5, HAVAL-128, and RIPEMD were found by
the Chinese researcher Xiaoyun Wang with co-authors Dengguo Feng, Xuejia
Lai, and Hongbo Yu. (See http://eprint.iacr.org/2004/199.pdf.) In
February 2005, an (as-yet unimplemented) attack against SHA-1 was
reported by Xiaoyun Wang, Lisa Yiqun Yin, and Hongbo Yu that can find
collisions in SHA-1 with an estimated effort of 2^69 hash computations."

I vaguely remember it was the Chinese authors that demonstrated the pdf
trick of having two different documents being displayed despite showing
the /same/ digital signature.


So, why?

;-)

Regards,
Martin

-- 
----------------
Martin Lomas
martin at ml1.co.uk
----------------
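
Added example, not part of the original message: a toy model of the conditional-document trick described above, showing why two files that collide in their first block keep the same digest under a Merkle-Damgard hash such as MD5, and why checking a SHA-256 digest tells them apart. The 24-bit `toy_hash`, the 8-byte block size, the `render` stand-in for the document's conditional and the sample texts are all constructed assumptions; no real MD5 collision is used.

```python
import hashlib
from itertools import count

BLOCK = 8              # toy block size in bytes (assumption)
IV = b"\x00\x00\x00"   # toy 24-bit chaining value (assumption)

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function with a deliberately tiny 24-bit state."""
    return hashlib.sha256(state + block).digest()[:3]

def toy_hash(msg: bytes) -> str:
    """Iterate compress() block by block with length padding, as MD5 does."""
    pad = b"\x80" + b"\x00" * (-(len(msg) + 9) % BLOCK)
    padded = msg + pad + len(msg).to_bytes(8, "big")
    state = IV
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return state.hex()

def colliding_blocks():
    """Birthday search for two different first blocks with equal chaining value."""
    seen = {}
    for n in count():
        block = n.to_bytes(BLOCK, "big")
        state = compress(IV, block)
        if state in seen:
            return seen[state], block
        seen[state] = block

def render(doc: bytes, selector: bytes) -> str:
    """Stand-in for the conditional in the document: the first block picks the text."""
    text_a, text_b = doc[BLOCK:].decode().split("|")
    return text_a if doc[:BLOCK] == selector else text_b

def demo():
    b1, b2 = colliding_blocks()
    suffix = b"Pay Bob 10 pounds|Pay Bob 10000 pounds"   # constructed sample text
    doc1, doc2 = b1 + suffix, b2 + suffix                # identical after block one
    return {
        # Same state after block one and same tail, so the weak digests match.
        "toy_equal": toy_hash(doc1) == toy_hash(doc2),
        "shown": (render(doc1, b1), render(doc2, b1)),
        # A collision-resistant digest over the whole file differs.
        "sha256_equal": hashlib.sha256(doc1).digest() == hashlib.sha256(doc2).digest(),
    }

if __name__ == "__main__":
    print(demo())
```

Both documents carry both texts; only the colliding first block differs, which is why a signature computed over the weak digest covers either one.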


