[OTR-dev] [OTR-users] otr dh key encryption

Michael Rogers michael at briarproject.org
Tue Feb 19 18:59:50 EST 2013


On 19/02/13 23:49, Kjell Braden wrote:
> On 2013-02-19 23:05, Michael Rogers wrote:
>> based on the first 80 bits of the hash of the service's public 
>> key, so a collision can be generated after an expected 2^80 
>> attempts.
> 
> Some nitpicking: with the birthday attack you can find collisions
> on an n-bit hash function using 2^(n/2) evaluations with
> probability > 1/2. This means you only need 2^40 attempts to find
> collisions with a probability higher than 1/2.

As far as I understand it (which isn't very far), you can find a
preimage that collides with a given hash in 2^n attempts, or two
preimages that collide with each other in 2^(n/2) attempts. The former
could be used to generate a bogus key for a given hostname. I don't
see how the latter could be used to attack hidden services (though
that doesn't mean it couldn't).

Cheers,
Michael


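The two costs contrasted in the message above, measured on a scaled-down identifier. This is an added example, not part of the original thread; it assumes SHA-1 as the hash, truncates to 16 bits instead of 80 so the searches finish quickly, and all inputs are constructed strings rather than real keys.

```python
import hashlib
from itertools import count

def trunc_hash(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-1(data), as an integer (the truncated identifier)."""
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)

def find_collision(bits: int, prefix: bytes = b"a"):
    """Birthday search: any two distinct inputs sharing a truncated hash."""
    seen = {}
    for i in count():
        msg = prefix + str(i).encode()
        h = trunc_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1  # pair found, number of attempts
        seen[h] = msg

def find_second_preimage(target: bytes, bits: int,
                         prefix: bytes = b"b", limit: int = 1 << 24):
    """Targeted search: an input matching the truncated hash of one given value."""
    want = trunc_hash(target, bits)
    for i in range(limit):
        msg = prefix + str(i).encode()
        if msg != target and trunc_hash(msg, bits) == want:
            return msg, i + 1
    return None, limit  # gave up: no match within `limit` attempts

def average_costs(bits: int, trials: int = 8):
    """Mean attempts over several independent runs of each search."""
    coll = pre = 0
    for t in range(trials):
        tag = str(t).encode() + b":"
        coll += find_collision(bits, b"c" + tag)[2]
        # The target is a constructed stand-in for a public key.
        pre += find_second_preimage(b"constructed-key-" + tag, bits, b"p" + tag)[1]
    return coll / trials, pre / trials

if __name__ == "__main__":
    bits = 16  # scaled down from the 80 bits discussed in the thread
    c, p = average_costs(bits)
    print(f"{bits}-bit truncation: collision in ~{c:.0f} tries "
          f"(2^{bits // 2} = {2 ** (bits // 2)}), targeted match in ~{p:.0f} "
          f"tries (2^{bits} = {2 ** bits})")
```

The collision search returns two inputs that nobody chose in advance, while the targeted search has to match one fixed value, which is why its cost grows with 2^n rather than 2^(n/2).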