Oskar L. wrote:
> No, in my example I used two, not one messages (pictures) and created
> permutations of both, and then compared both groups of hashes against each
> other.
This appears to be somewhere in the middle between a birthday attack and
a preimage attack.
It looks like a preimage attac
On Sun, 26 Aug 2007, Robert J. Hansen wrote:
> Doug Barton wrote:
>> It almost sounds from what you're saying above that there actually is an
>> argument for RSA's hash firewall being "better" than DSA[2] here, but if I
>> correctly understood what you said later in the thread, the margin by
>> wh
Doug Barton wrote:
> It almost sounds from what you're saying above that there actually is an
> argument for RSA's hash firewall being "better" than DSA[2] here, but if I
> correctly understood what you said later in the thread, the margin by
> which it's "better" is so small as to not be worth
On Sat, 25 Aug 2007, Doug Barton wrote:
> The other question I had is about what you said above regarding truncating
> hashes with DSA2. Am I understanding correctly that even with DSA2 the hash
> size can be no larger than 160 bits?
*sigh* Never mind this bit, I just re-re-read a later part of
On Fri, 24 Aug 2007, David Shaw wrote:
> On Fri, Aug 24, 2007 at 09:06:24PM +0300, Oskar L. wrote:
>
>> Do hash firewalls have any drawbacks (performance decrease, difficult to
>> implement, patent issues etc.)? What's the reason DSA doesn't have one?
>
> I suspect a major reason is the main use o
Allen Schultz wrote:
> Is there a comprehensive list of hashes used in encryption that can
> help me choose which is the best to use?
I'm sure there is, but such a list would not do you much good. The
application you use probably only supports a few. Some are old and
insecure, and should not be us
Allen Schultz wrote:
> Is there a comprehensive list of hashes used in encryption that can
> help me choose which is the best to use?
If all you want is to provide a very high level of authentication for
your messages, just stick with the defaults and you'll do just fine.
Seriously. GnuPG is spe
Is there a comprehensive list of hashes used in encryption that can
help me choose which is the best to use?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
> Well, except that your attack isn't a birthday attack.
>
> A birthday attack involves making a ton of different messages and
> checking _all_ messages created to find _any_ collision.
>
> Your attack involves taking one particular message and creating
> permutations of it, one after another, look
Oskar L. wrote:
> I only meant to point out that a birthday attack would have a much better
> chance of finding a collision than a second preimage attack. I'm sorry if
> I made it sound trivial, I know it's not. I just tried to give an example
> of how it works that would be easy to understand.
We
Robert J. Hansen wrote:
> Doing a birthday attack is highly nontrivial. E.g., to do a birthday
> attack on SHA256 requires a minimum, a _minimum_, of over 10**17 joules
> to be liberated as heat. That's about as much as you'd get from an
> entire full-out strategic nuclear exchange between the US
Oskar L. wrote:
> calculators designed to show very large numbers can show the result. Now I
> compare all the hashes from one picture to all the hashes from the other.
Doing a birthday attack is highly nontrivial. E.g., to do a birthday
attack on SHA256 requires a minimum, a _minimum_, of over 1
Robert J. Hansen wrote:
> In a room of 23 people, there are C(23, 2) different pairs, or 253.
D'oh. This will teach me to read things quickly. Oskar was
specifically saying pairs of which Bob was a part, not total pairs in
the room.
(gets out the brown paper bag)
Oskar L. wrote:
> So if we start with Bob, we need to have 253 more people, to be able to
> make 253 different pairs of which Bob is part of.
We need 22 more people.
In a room of 23 people, there are C(23, 2) different pairs, or 253.
You should probably refresh your knowledge of combinatorics be
On Fri, Aug 24, 2007 at 09:06:24PM +0300, Oskar L. wrote:
> Do hash firewalls have any drawbacks (performance decrease, difficult to
> implement, patent issues etc.)? What's the reason DSA doesn't have one?
I suspect a major reason is the main use of DSA is really DSS - and
DSS was never intended
On Fri, 24 Aug 2007 20:06, [EMAIL PROTECTED] said:
> Do hash firewalls have any drawbacks (performance decrease, difficult to
> implement, patent issues etc.)? What's the reason DSA doesn't have one?
DSA is the signature algorithm used with DSS, the Digital Signature
Standard. DSS requires the
That was a very good explanation of what a hash firewall and a
second-preimage attack are. But I think it gives the impression that all
the hash firewall is good for is protecting against a second-preimage
attack, and therefore is of little importance, since a successful
second-preimage attack on S
17 matches