From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 19 May 1996 16:57:23 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <199605190144.SAA15990@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>I was talking to someone who was talking to someone (have I said this is a
>rumor yet?) who was solicited for comment by a Very Famous Reporter about
>the fact that  DSS, the Digital Signature Standard, promulgated by NIST, I
>believe, had been broken.

MD5 is at least weakened, maybe broken; there's an abstract by Hans Dobbertin
that says something about generating collisions, and gives an example
(though the abstract doesn't say how general the method is.)
It does appear that the method can't generate collisions of arbitary form
(i.e. the original string was "11111111MySecretKey0..0Message11111111"
and the string that has the same hash is 'posk
cpidjuwfviejwvijevijefivjefvjifejvij viaA"

DSS is known to have subliminal channels - in addition to signing a message,
you can embed bits that can be viewed by someone who knows the key,
so the digital signature on your passport/healthcare/workauthorization 
smartcard can also hide data saying "Jew. Not Gay. Commie. Failed drug test
once."
This was discovered/published by Gus Simmons, and is in Applied Crypto;
there are several channels with varying amounts of data, computation
requirements,
and such.


#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation