[OTR-dev] [OTR-users] otr dh key encryption

Kjell Braden kb at pentabarf.de
Tue Feb 19 19:53:34 EST 2013


On 2013-02-20 00:59, Michael Rogers wrote:
> On 19/02/13 23:49, Kjell Braden wrote:
>> On 2013-02-19 23:05, Michael Rogers wrote:
>>> based on the first 80 bits of the hash of the service's public
>>> key, so a collision can be generated after an expected 2^80
>>> attempts.
>
>> Some nitpicking: with the birthday attack you can find collisions
>> on a n-bit hash function using 2^(n/2) evaluations with
>> probability
>>> 1/2. This means, you only need 2^40 attempts to find collisions
>> with a probability higher than 1/2.
>
> As far as I understand it (which isn't very far), you can find a
> preimage that collides with a given hash in 2^n attempts, or two
> preimages that collide with each other in 2^(n/2) attempts. The former
> could be used to generate a bogus key for a given hostname. I don't
> see how the latter could be used to attack hidden services (though
> that doesn't mean it couldn't).

  Ooops. I knew I forgot something... Well, it's late here.

-- 
  Kjell



More information about the OTR-dev mailing list