/tech/ - Technology

File: 1deb13123051534⋯.pdf (511.29 KB, 2019-459.pdf)


From Collisions to Chosen-Prefix Collisions - Application to Full SHA-1

A chosen-prefix collision attack is a stronger variant of a collision attack, where an arbitrary pair of challenge prefixes are turned into a collision. Chosen-prefix collisions are usually significantly harder to produce than (identical-prefix) collisions, but the practical impact of such an attack is much larger. While many cryptographic constructions rely on collision-resistance for their security proofs, collision attacks are hard to turn into a break of concrete protocols, because the adversary has limited control over the colliding messages. On the other hand, chosen-prefix collisions have been shown to break certificates (by creating a rogue CA) and many internet protocols (TLS, SSH, IPsec).

In this article, we propose new techniques to turn collision attacks into chosen-prefix collision attacks. Our strategy is composed of two phases: first, a birthday search that aims at taking the random chaining variable difference (due to the chosen-prefix model) to a set of pre-defined target differences. Then, using a multi-block approach, carefully analysing the clustering effect, we map this new chaining variable difference to a colliding pair of states using techniques developed for collision attacks.

We apply those techniques to MD5 and SHA1, and obtain improved attacks. In particular, we have a chosen-prefix collision attack against SHA1 with complexity between 2^66.9 and 2^69.4 (depending on assumptions about the cost of finding near-collision blocks), while the best-known attack has complexity 2^77.1. This is within a small factor of the complexity of the classical collision attack on SHA1 (estimated as 2^64.7). This represents yet another warning that industries and users have to move away from using SHA1 as soon as possible.
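To make the abstract's "birthday search" and "chosen-prefix" notions concrete, here is an added Python example that is not part of the paper or of this thread. It runs the generic chosen-prefix birthday attack against SHA-1 truncated to a caller-chosen number of bits (a constructed toy target; against full 160-bit SHA-1 this generic approach costs about 2^80 hash evaluations, which is why the paper's 2^66.9 to 2^69.4 figures are the news). Function names and the counter-based suffixes are the example's own assumptions.

```python
import hashlib
from typing import Dict, Optional, Tuple


def truncated_sha1(data: bytes, bits: int) -> int:
    """SHA-1 of `data` truncated to its leading `bits` bits (toy target; full SHA-1 is 160 bits)."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)


def chosen_prefix_birthday(prefix_a: bytes, prefix_b: bytes, bits: int = 32,
                           max_tries: int = 1 << 20) -> Optional[Tuple[bytes, bytes]]:
    """Generic chosen-prefix collision on the truncated hash by birthday search.

    Two tables are filled in lock-step, one per prefix, with suffixes drawn from
    a counter (deterministic, so the result is reproducible).  A cross-table
    match yields msg_a (starting with prefix_a) and msg_b (starting with
    prefix_b) whose truncated hashes agree.  Expected work is about 2**(bits/2)
    hashes per side: the birthday bound that the paper's first phase is built
    to beat for the full-width hash.
    """
    table_a: Dict[int, bytes] = {}
    table_b: Dict[int, bytes] = {}
    for counter in range(max_tries):
        suffix = counter.to_bytes(8, "big")
        msg_a, msg_b = prefix_a + suffix, prefix_b + suffix
        h_a, h_b = truncated_sha1(msg_a, bits), truncated_sha1(msg_b, bits)
        if h_a == h_b:            # the same suffix happens to work for both prefixes
            return msg_a, msg_b
        if h_a in table_b:        # this A-message matches an earlier B-message
            return msg_a, table_b[h_a]
        if h_b in table_a:        # this B-message matches an earlier A-message
            return table_a[h_b], msg_b
        table_a[h_a] = msg_a
        table_b[h_b] = msg_b
    return None  # gave up; with max_tries far above 2**(bits/2) this is astronomically unlikely


def is_chosen_prefix_collision(msg_a: bytes, msg_b: bytes,
                               prefix_a: bytes, prefix_b: bytes, bits: int) -> bool:
    """Check the claim: distinct messages, each starting with its own chosen prefix, equal truncated hashes."""
    return (msg_a != msg_b
            and msg_a.startswith(prefix_a)
            and msg_b.startswith(prefix_b)
            and truncated_sha1(msg_a, bits) == truncated_sha1(msg_b, bits))


if __name__ == "__main__":
    bits = 32
    result = chosen_prefix_birthday(b"prefix chosen by A: ", b"prefix chosen by B: ", bits)
    if result:
        a, b = result
        tries = max(int.from_bytes(a[-8:], "big"), int.from_bytes(b[-8:], "big")) + 1
        print(f"{bits}-bit truncated SHA-1 collision after {tries} suffixes per side")
        print("sha1(A) =", hashlib.sha1(a).hexdigest())
        print("sha1(B) =", hashlib.sha1(b).hexdigest())
```

With `bits=32` the search finishes in a fraction of a second after roughly 2^16 suffixes per side; doubling `bits` squares the cost, which is the scaling that makes the generic attack hopeless at 160 bits and makes the paper's structural shortcut significant. The full 160-bit digests printed at the end still differ, which is the point: only the truncated toy target collides.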


Post yfw BitTorrent and Git still use SHA1


It's going to break if they change it for torrents. So many run very old clients.



IPFS > Torrents

Torrents on suicide watch


Life is like a downloaded torrent. You never know what you're going to get.


Makes you wonder if most of the encryption we use is already broken, or waiting to be broken soon.




I don't really trust this new popular thing that is ed25519. A big part of the beginning of the key is always the same, and I would expect that a secure key has a completely random value.



People already knew SHA1 was shit as of 2004, just that it was not practical to break.

But now, with GPUs, it is possible.

The thing is that AES, Serpent, Twofish, Camellia, SEED and ARIA are all made to be relatively GPU-proof.


Same goes for RSA if you did it wrong.



Considering it's implemented by humans, more than likely.


Aren't files in torrents divided into pieces? Wouldn't that make it impractical to forge files in a torrent, not just due to the fact that you'd have to ensure that all the pieces had the "correct" checksum, but that whatever result you were trying to achieve still worked within the context of the file as a whole, and that other people would be contributing correct pieces. Unless you're just trying to send garbage, I guess.
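The piece structure described above, as an added Python example that is not part of this thread: a .torrent's info dictionary stores one raw 20-byte SHA-1 per fixed-size piece, concatenated into the `pieces` string, and a client keeps a downloaded piece only when its SHA-1 matches that entry. The sample file and the 4 KiB piece length are constructed for the example; the function names are the example's own.

```python
import hashlib
from typing import List

SHA1_LEN = 20  # each entry in the info dict's `pieces` string is a raw 20-byte SHA-1


def piece_hashes(data: bytes, piece_len: int) -> bytes:
    """Build the `pieces` string: SHA-1 of each consecutive piece, concatenated (last piece may be short)."""
    if piece_len <= 0:
        raise ValueError("piece length must be positive")
    return b"".join(
        hashlib.sha1(data[off:off + piece_len]).digest()
        for off in range(0, len(data), piece_len)
    )


def verify_pieces(data: bytes, piece_len: int, pieces: bytes) -> List[int]:
    """Return the indices of pieces whose SHA-1 does not match the expected entry.

    A piece-count mismatch (file shorter or longer than the `pieces` string
    describes) is reported as a bad index too, so a truncated or padded
    download is not silently accepted.
    """
    if len(pieces) % SHA1_LEN:
        raise ValueError("pieces string is not a multiple of 20 bytes")
    expected = [pieces[i:i + SHA1_LEN] for i in range(0, len(pieces), SHA1_LEN)]
    have = [data[off:off + piece_len] for off in range(0, len(data), piece_len)]
    bad: List[int] = []
    for idx in range(max(len(expected), len(have))):
        if idx >= len(expected) or idx >= len(have):
            bad.append(idx)             # piece count mismatch
        elif hashlib.sha1(have[idx]).digest() != expected[idx]:
            bad.append(idx)             # corrupted, substituted, or forged piece
    return bad


if __name__ == "__main__":
    PIECE_LEN = 4096                         # constructed; real torrents use 16 KiB to several MiB
    original = bytes(range(256)) * 40        # constructed 10240-byte "file": 3 pieces, last one short
    pieces = piece_hashes(original, PIECE_LEN)
    print("piece entries:", len(pieces) // SHA1_LEN,
          "bad pieces in the original:", verify_pieces(original, PIECE_LEN, pieces))
    tampered = bytearray(original)
    tampered[5000] ^= 0x01                   # flip one bit inside piece 1
    print("bad pieces after tampering:", verify_pieces(bytes(tampered), PIECE_LEN, pieces))
```

Because every piece is hashed on its own, a substituted piece has to match the published SHA-1 of that exact piece. Someone who did not author the original content therefore needs a second preimage for a fixed, already-published hash, which is a much harder problem than the collision attacks the paper describes; the collision results matter most where one party controls both versions of the data from the start.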



But what's the checksum? Some attacks could probably work if you could generate an identical hash for another torrent and try to seed it to the swarm.



>Wouldn't that make it impractical




Well you've convinced me.



This might be the end of many p2p things. They would have to make a big breaking change to fix this, and it's unlikely that everyone would update to the new version.



>Torrents on suicide watch

No. eMule worked mostly fine, despite broken hashing.



I can see you, CIA nigger. You glow in the dark theme.



Nah he is just a chink who can't into IPFS lol.




LC4 isn't even cryptographically secure. Fuck off, retard.




There are still people that use it.



I don't see how a single torrent is better than torrents.
