Re: [Gnumed-devel] looking for Horst
From: Syan Tan
Subject: Re: [Gnumed-devel] looking for Horst
Date: Sat, 13 Aug 2005 14:08:15 +0800
Could you explain what first pre-image and second pre-image attack
is again? It sounds like you're saying that because hash functions
are one-way functions, there is no feasible way to get X efficiently if
X is the message and you have Y, the hash, because there's no efficient
inverse F. Also, the collision algorithms seem pretty trendy and
incomprehensible.
I looked up Google, and the series of events seems to be:
1. Aug 2004, Chinese cryptographers brag that they have computed a
collision for a message, using a supercomputer, and publish a 4
page result, without explaining how they did it.
2. Oct 2004, Australian researchers, miffed that they didn't get to publish
their expertise, publish a 100 page paper outlining how they analysed
the MD5 algorithm and found certain conditions how an algorithm could
be found, but don't find the algorithm.
3. March 2005, a Czech researcher publishes his laptop algorithm for
collision finding, and estimates that a laptop is about 25-100 times
slower than a supercomputer, and that their algorithm is 10x faster
than the Chinese secret algorithm.
- Chinese researchers release their algorithm, after the Czech researchers.
Is it correct that the messages only differ at the end of the message,
where a block of bytes that match an MD5 processing boundary is appended,
and that you were saying that the brute force search by inserting
or changing random 'invisible' characters or bits in a maliciously modified
original message is as hard a problem as reverse guessing a message from a hash?
How does this affect using a notary? Apparently, the complaint was
that MD5 is insecure, and the court disallowed a photograph's MD5 signature
because MD5 was theoretically flawed, but also because the original MD5
signature did not take in all the bits of the photograph for signature
generation, but just the timestamp and text attached to the photo, and that
gnumed should always include the entirety of data for hashing. Also, there was an
argument about how a PostScript program was regarded as a document, and
that it switched on the final collision matching block of bytes appended
to the program, but it contained both the real message and the altered
message anyway, and you argued that all documents should be inspectable
as source, and then someone else argued that if it was easily provable
a PostScript document contained alternate messages by inspection,
legally, the signature was non-binding anyway; someone else argued that
if one could satisfy a court the intent of signing wasn't there or
signing was done under duress or false pretences, then it was also
non-binding.
Rats, wished someone had told me that when I signed that
ratfink real estate agent's document..
On Sat Aug 13 5:58, Tim Churches sent:
>Sebastian Hilbert wrote:
>
>>Hi all,
>>
>>Does anyone know if Horst is still reading this? I have tried to contact him
>>regarding gnotary but he may be too busy to answer my mails.
>>
>>Any help is appreciated.
>>Sebastian
>>
>>
>He actively posts to the GPCG (general practice computer group) mailing
>list - just yesterday I had a friendly online argument with him over
>collision versus pre-image attacks against the MD5 hash algorithm (which
>is somewhat relevant to gnotary, actually).
>
>Tim C
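The following is an added example, not part of this thread and not gnumed or gnotary code. It illustrates the distinction Syan asks about (first pre-image, second pre-image and collision) by running all three brute-force searches on a deliberately tiny hash, and the notary point raised above: a fingerprint that covers only the timestamp and caption does not change when the photo bytes change, while one that covers the whole document does. Every name here (`toy_hash`, `first_preimage`, `second_preimage`, `collision`, `metadata_only_fingerprint`, `full_fingerprint`) and every sample value is constructed for the demonstration; `toy_hash` is SHA-256 truncated to 16 bits so the searches finish in well under a second, and the photo is a made-up byte string.

```python
"""Added example (not from the mailing-list thread): the three attack types on a
toy hash, and what a notary must hash. All names and sample values are constructed."""
import hashlib


# --- Part 1: first pre-image vs second pre-image vs collision -------------------

def toy_hash(data: bytes, n_bits: int = 16) -> int:
    """Toy one-way function: the top n_bits of SHA-256 (assumption: a stand-in for
    MD5's 128-bit output, shrunk so that brute force below actually terminates)."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - n_bits)


def first_preimage(target: int, n_bits: int = 16, max_tries: int = 1 << 22):
    """First pre-image: given only the hash value Y, find any X with H(X) == Y.
    With a random-looking hash this costs about 2**n_bits guesses on average."""
    for i in range(max_tries):
        candidate = b"guess-" + i.to_bytes(4, "big")
        if toy_hash(candidate, n_bits) == target:
            return candidate, i + 1
    return None, max_tries


def second_preimage(original: bytes, n_bits: int = 16, max_tries: int = 1 << 22):
    """Second pre-image: given a specific signed message X, find a different X'
    with H(X') == H(X). Same 2**n_bits cost as the first pre-image; this is what
    altering an already notarised document after the fact requires."""
    target = toy_hash(original, n_bits)
    for i in range(max_tries):
        candidate = b"alt-" + i.to_bytes(4, "big")
        if candidate != original and toy_hash(candidate, n_bits) == target:
            return candidate, i + 1
    return None, max_tries


def collision(n_bits: int = 16, max_tries: int = 1 << 22):
    """Collision: the attacker chooses BOTH messages, so the birthday bound applies
    and the expected cost is about 2**(n_bits / 2). The pigeonhole principle
    guarantees a hit within 2**n_bits + 1 distinct inputs."""
    seen = {}
    for i in range(max_tries):
        candidate = b"pair-" + i.to_bytes(4, "big")
        h = toy_hash(candidate, n_bits)
        if h in seen:
            return seen[h], candidate, i + 1
        seen[h] = candidate
    return None, None, max_tries


# --- Part 2: what a notary must put into the hash ------------------------------

def metadata_only_fingerprint(timestamp: str, caption: str) -> str:
    """The weak scheme described in the thread: only the timestamp and the text
    attached to the photo are hashed, so the image bytes are not bound at all."""
    return hashlib.sha256(f"{timestamp}\n{caption}".encode()).hexdigest()


def full_fingerprint(photo: bytes, timestamp: str, caption: str) -> str:
    """Hash every byte of the document plus its metadata. Each field is prefixed
    with its length so that bytes cannot be shifted from one field to another
    without changing the digest."""
    h = hashlib.sha256()
    for field in (photo, timestamp.encode(), caption.encode()):
        h.update(len(field).to_bytes(8, "big"))
        h.update(field)
    return h.hexdigest()


if __name__ == "__main__":
    # Constructed sample inputs.
    photo_a = b"\x89PNG constructed photo bytes A"
    photo_b = photo_a + b"\x00"            # one extra byte, "invisible" to a viewer
    ts, caption = "2005-08-13T14:08:15+08:00", "constructed caption"

    _, n_first = first_preimage(0x1234)
    _, n_second = second_preimage(photo_a)
    c1, c2, n_coll = collision()
    print(f"first pre-image after {n_first} guesses, second pre-image after "
          f"{n_second}, collision after {n_coll} (expected ~65536 / ~65536 / ~320)")

    same = metadata_only_fingerprint(ts, caption) == metadata_only_fingerprint(ts, caption)
    print("metadata-only fingerprint unchanged after editing photo:", same)
    print("full fingerprint unchanged after editing photo:",
          full_fingerprint(photo_a, ts, caption) == full_fingerprint(photo_b, ts, caption))
```

Running it shows the asymmetry Tim's argument turns on: the two pre-image searches each take on the order of the whole 2^16 space, while the collision search, where the attacker controls both inputs, finishes after a few hundred guesses. It also shows why the court's second objection matters independently of MD5's weakness: the metadata-only fingerprint is identical for the two photos, so it proves nothing about the image, whereas the full fingerprint differs as soon as a single byte does.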