Re: Re: SHA-0 Broken
From: Mohamad Badra (badra
Date: Tue, 17 Aug 2004 14:11:26 -0400 (EDT)

Bernard Aboba wrote:
>> First, is TLS affected by this vulnerability? This idea came to mind since the PRF relies on the abovementioned (semi-)broken cryptographic algorithms.
>>
>> PRF(secret, label, seed) =
>>     P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed);
>
> My understanding is that this PRF was used in part so that it would only
> be compromised if *both* MD5 and SHA-1 were broken.

Add to that, if SHA-1 will be broken, this does not mean that HMAC_hash is automatically broken since TLS-PRF uses HMAC_hash instead of hash. So you need to find also the "aleatory key" used with HMAC_hash to achieve such attack. Note that the actual attacks are based on known IVs.

IMO, even if someone will arrive to change a bitstream into a particular "text file", it remains extremely hard for him to play with the structure of ASN.1 used in digital signatures.

Badra