[Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases
Nicko van Someren
Wed, 14 Apr 2004 22:26:57 +0100
On 14 Apr 2004, at 4:53, Arnold G. Reinhold wrote:
> I suppose it is educational to think about different ways to solve a
> problem like this, but this is getting silly. All that is needed to
> prevent my attack is to calculate and publish the SHA1 hash along
> with the MD5 hash. Easy as can be. No special hardware required.
Actually I think that working out this sort of defence is useful. The
attack you published is important because it is a way to turn what
should be a "matching hash" problem with a cost of 2^N into a hash
collision problem, with cost 2^(N/2). No matter what hash you use this
represents a serious weakening. Yes, we can all switch to SHA-256 but
I think it's still useful to consider ways to defend against the whole
attack method that you proposed.
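The defence Arnold proposes (publish a second, independent digest alongside MD5 and require every published digest to match), as an added Python example that is not from the list thread; the BSD-style manifest format, the file name and the payload bytes are constructed for illustration.

```python
import hashlib
import hmac
import re

# Algorithms a verifier insists on finding in the published manifest.
# MD5 plus SHA1 is the pairing discussed in the thread; SHA-256 is the
# "or stronger" option named in the subject line. Assumed policy, not Apple's.
REQUIRED = ("md5", "sha1", "sha256")

# BSD-style digest line, e.g.  SHA1 (Update.pkg) = 2fd4e1c6...
_LINE = re.compile(r"^(?P<algo>[A-Za-z0-9-]+) \((?P<name>[^)]+)\) = (?P<hex>[0-9a-fA-F]+)$")


def build_manifest(name: str, data: bytes, algos=REQUIRED) -> str:
    """Publisher side: one digest line per algorithm, all over the same bytes."""
    lines = []
    for algo in algos:
        digest = hashlib.new(algo, data).hexdigest()
        lines.append(f"{algo.upper()} ({name}) = {digest}")
    return "\n".join(lines) + "\n"


def parse_manifest(text: str) -> dict:
    """Return {algo: hexdigest} for every well-formed line; other lines are ignored."""
    digests = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            digests[m.group("algo").lower()] = m.group("hex").lower()
    return digests


def verify_release(data: bytes, manifest: str, required=REQUIRED) -> bool:
    """Verifier side: every required algorithm must be present and must match.

    A substitute file that collides under one hash still fails, because it
    would have to collide under every published hash at the same time.
    A manifest missing a required digest is rejected outright rather than
    silently checked against fewer hashes.
    """
    published = parse_manifest(manifest)
    for algo in required:
        if algo not in published:
            return False
        actual = hashlib.new(algo, data).hexdigest()
        if not hmac.compare_digest(actual, published[algo]):
            return False
    return True


# Constructed sample release and a tampered copy (not real Apple payloads).
GOOD = b"constructed sample installer payload, version 1.0\n"
TAMPERED = GOOD.replace(b"1.0", b"1.1")
MANIFEST = build_manifest("Update.pkg", GOOD)
```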