Slashdot Mirror

← Back to Stories (view on slashdot.org)

SHA-1 Collisions for Meaningful Messages

Posted by ryuzaki0 on from the well-this-isn't-very-helpful dept.

mrogers writes "Following on the heels of last year's collision search attack against SHA-1, researchers at the Crypto 2006 conference have announced a new attack that allows the attacker to choose part of the colliding messages. "Using the new method, it is possible, for example, to produce two HTML documents with a long nonsense part after the closing </html> tag, which, despite slight differences in the HTML part, thanks to the adapted appendage have the same hash value." A similar attack against MD5 was announced last year."

3 of 128 comments (clear)

  1. Why not include message size? by Pedrito · · Score: 0, Redundant

    It seems to me that all the attacks on both of these hash systems (SHA-1 and MD5) involve different message sizes which is easily fixed by using both hash and message size as a verification. I honestly don't come close to understanding the math involved in these hashes, but I get the idea that the complexity involved in creating a hash using the exact same amount of data is far higher.

    Maybe factoring in message size as part of the hash is the solution? I don't know. Again, the math is way above me. But you could certainly do it by adding on some extra bits to the hash itself. A bit costly in size, but seems like maybe it might be worthwhile.

  2. Add size of file by yaminb · · Score: 1, Redundant

    I can never quite figure out why the MD5 and SHA and all these other algorithms don't include the original message size as part of their hash. This would eliminate all attack vectors that stem from adding or deleting information from a file. But I guess that's too simple a solution for these mathematicians.

  3. Size does matter by greazer · · Score: 0, Redundant

    It sounds like this scheme would alter the size of the original text. Don't most schemes compare the hash and the size of the text?