From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Thu, 5 Oct 95 09:07:21 PDT
To: gerdw@cougar.vut.edu.au (David Gerard)
Subject: Re: FORGED CANCELS of posts on n.a.n-a.m
Message-ID: <9510051606.AA02119@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


>  One thing that occurs to me: suppose I go to control, collect cancel
>  messages, and build myself a collection of M1's that will work with
>  a given M2?
>
>  That is, I can't actually invert the hashing function. But if a
>  given hash function is standard, then I can eventually build up a
>  collection of M1s for M2s that will let me cancel quite a few things
>  I may want to.  How many cancel messages come through in a day?

You would have to collect quite a few cancels just to get one pair of valid  
hashes for a message you want to cancel...  You don't even need to collect  
cancels from control; you could just start hashing 128-bit strings until you  
got one that hashed to M2.  The catch is you would have to hash on the order  
of 2^64 strings for MD5, for instance.  That's a lot of hashing to cancel one  
article...  It's likely going to be much less work to try to guess the  
passphrase used to generate M1.  There is also a better than average chance  
that the target used the same passphrase to lock multiple posts...


andrew