[Mac_crypto] Apple should use SHA1 (or stronger) to authenticate software releases

Nicko van Someren mac_crypto@vmeng.com
Wed, 14 Apr 2004 22:26:57 +0100


On 14 Apr 2004, at 4:53, Arnold G. Reinhold wrote:

> I suppose it is educational to think about different ways to solve a 
> problem like this, but this is getting silly. All that is needed to 
> prevent my attack is to calculate and publish the SHA1 hash along 
> with the MD5 hash. Easy as can be.  No special hardware required.

Actually I think that working out this sort of defence is useful.  The 
attack you published is important because it is a way to turn what 
should be a "matching hash" problem with a cost of 2^N into a hash 
collision problem, with cost 2^(N/2).  No matter what hash you use this 
represents a serious weakening.  Yes, we can all switch to SHA-256 but 
I think it's still useful to consider ways to defend against the whole 
attack method that you proposed.

	Nicko
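The cost difference Nicko describes (a "matching hash" problem at roughly 2^N work versus a collision problem at roughly 2^(N/2)) can be measured directly on a truncated hash. The following is an added example, not code from the list thread; it assumes the attacker controls both the benign file that gets published with its hash and the malicious file, and can vary each in ways a user would not notice (here, a trailing build comment). The file contents, the variant generator and the truncation model are constructed for this illustration, and "publish two hashes" is modelled, as an assumption, by requiring two independently truncated digests to match.

```python
import hashlib

# Constructed sample "releases" (not from the thread).  The attacker submits a
# benign file for publication and wants a malicious file with the same hash.
BENIGN = b"#!/bin/sh\necho 'installing Foo 1.0'\n"
MALICIOUS = b"#!/bin/sh\necho 'installing Foo 1.0'\nrm -rf ~/Documents\n"


def variants(base, count):
    """Yield `count` versions of `base` that differ only in an innocuous
    trailing comment; this is the attacker's degree of freedom on both files."""
    for i in range(count):
        yield base + b"# build %d\n" % i


def trunc(data, bits, algos=("sha1",)):
    """Model an N-bit hash by keeping the top `bits` bits of each named digest.
    Returns one entry per algorithm, so publishing several hashes is modelled
    (as an assumption) as requiring all of them to match."""
    out = []
    for name in algos:
        digest = hashlib.new(name, data).digest()
        out.append(int.from_bytes(digest, "big") >> (len(digest) * 8 - bits))
    return tuple(out)


def second_preimage(bits, cap, algos=("sha1",)):
    """'Matching hash' problem: the benign file is fixed and already published,
    so the attacker must hit one specific value.  Expected work ~2^bits.
    Returns (malicious_variant, attempts) or None if `cap` attempts were not enough."""
    target = trunc(BENIGN, bits, algos)
    for attempts, m in enumerate(variants(MALICIOUS, cap), start=1):
        if trunc(m, bits, algos) == target:
            return m, attempts
    return None


def cross_collision(bits, stored, cap, algos=("sha1",)):
    """Collision problem: the attacker first prepares `stored` benign variants
    (any of which can be submitted for publication), then searches malicious
    variants until one hashes like *some* stored benign variant.
    Expected total work ~2^(bits/2).  Returns (benign, malicious, hashes_done) or None."""
    table = {}
    for b in variants(BENIGN, stored):
        table.setdefault(trunc(b, bits, algos), b)
    for attempts, m in enumerate(variants(MALICIOUS, cap), start=1):
        h = trunc(m, bits, algos)
        if h in table:
            return table[h], m, stored + attempts
    return None


if __name__ == "__main__":
    # One 24-bit hash: a collision costs on the order of 2^12 hashes ...
    c = cross_collision(24, 8192, 1 << 17)
    if c:
        print("24-bit collision found after %d hashes (2^12 = 4096)" % c[2])
    # ... while matching a fixed 16-bit value costs on the order of 2^16.
    p = second_preimage(16, 1 << 20)
    if p:
        print("16-bit second preimage found after %d hashes (2^16 = 65536)" % p[1])
    # Two published hashes of 12 bits each, treated as independent, cost the
    # attacker about as much as one 24-bit hash.
    c2 = cross_collision(12, 8192, 1 << 17, algos=("md5", "sha1"))
    if c2:
        print("collision against md5+sha1 (12 bits each) after %d hashes" % c2[2])
```

Run it as-is; the variant generator is deterministic, so the counts are reproducible. The point to take away is the one in the message above: adding a second published hash raises N for the attacker, but the attack still only has to solve a collision problem in the combined value, so its cost grows as the square root of the combined space rather than the space itself.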