Search Results

Search found 2 results on 1 pages for 'dominar'.

Page 1/1 | 1 

  • Collision Attacks, Message Digests and a Possible solution

    - by Dominar
    I've been doing some preliminary research in the area of message digests. Specifically collision attacks of cryptographic hash functions such as MD5 and SHA-1, such as the Postscript example and X.509 certificate duplicate. From what I can tell in the case of the postscript attack, specific data was generated and embedded within the header of the postscript (which is ignored during rendering) which brought about the internal state of the md5 to a state such that the modified wording of the document would lead to a final MD equivalent to the original. The X.509 took a similar approach where by data was injected within the comment/whitespace of the certificate. Ok so here is my question, and I can't seem to find anyone asking this question: Why isn't the length of ONLY the data being consumed added as a final block to the MD calculation? In the case of X.509 - Why is the whitespace and comments being taken into account as part of the MD? Wouldn't a simple processes such as one of the following be enough to resolve the proposed collision attacks: MD(M + |M|) = xyz MD(M + |M| + |M| * magicseed_0 +...+ |M| * magicseed_n) = xyz where : M : is the message |M| : size of the message MD : is the message digest function (eg: md5, sha, whirlpool etc) xyz : is the acutal message digest value for the message M magicseed_{i}: Is a set random values generated with seed based on the internal-state prior to the size being added. This technqiue should work, as to date all such collision attacks rely on adding more data to the original message. In short, the level of difficulty involved in generating a collision message such that: It not only generates the same MD But is also comprehensible/parsible/compliant and is also the same size as the original message, is immensely difficult if not near impossible. Has this approach ever been discussed? Any links to papers etc would be nice.

    Read the article

  • C++0x and the Lack of Polymorphic Lambdas - Why?

    - by Dominar
    I've been reviewing the draft version of the upcoming C++0x standard. Specifically the section on lambdas, and am confused as to the reasoning for not introducing polymorphic lambdas. I had hoped we could use code such as the following: template<typename Container> void foo(Container c) { for_each(c.begin(),c.end(),[](T& t) { ++t; }); } What were the reasons: Was it the committee ran out of time? That polymorphic lambdas are too hard to implement? Or perhaps that they are seen as not being needed by the PTB?

    Read the article

1