From: Bill Stewart <stewarts@ix.netcom.com>
To: Robert Hettinga <rah@shipwright.com>
Message Hash: f7cbcd3c2ada021258acc56672fd64038f7963ede3f87b192cfcaec4859f0a33
Message ID: <199605190144.SAA15990@toad.com>
Reply To: N/A
UTC Datetime: 1996-05-19 08:57:23 UTC
Raw Date: Sun, 19 May 1996 16:57:23 +0800
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 19 May 1996 16:57:23 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <199605190144.SAA15990@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
>I was talking to someone who was talking to someone (have I said this is a
>rumor yet?) who was solicited for comment by a Very Famous Reporter about
>the fact that DSS, the Digital Signature Standard, promulgated by NIST, I
>believe, had been broken.
MD5 is at least weakened, maybe broken; there's an abstract by Hans Dobbertin
that says something about generating collisions, and gives an example
(though the abstract doesn't say how general the method is.)
It does appear that the method can't generate collisions of arbitary form
(i.e. the original string was "11111111MySecretKey0..0Message11111111"
and the string that has the same hash is 'posk
cpidjuwfviejwvijevijefivjefvjifejvij viaA"
DSS is known to have subliminal channels - in addition to signing a message,
you can embed bits that can be viewed by someone who knows the key,
so the digital signature on your passport/healthcare/workauthorization
smartcard can also hide data saying "Jew. Not Gay. Commie. Failed drug test
once."
This was discovered/published by Gus Simmons, and is in Applied Crypto;
there are several channels with varying amounts of data, computation
requirements,
and such.
# Thanks; Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation
Return to May 1996
Return to “Bill Stewart <stewarts@ix.netcom.com>”
1996-05-19 (Sun, 19 May 1996 16:57:23 +0800) - Re: Rumor: DSS Broken? - Bill Stewart <stewarts@ix.netcom.com>