[ / / / / / / / / / / / / / ] [ dir ]

/tech/ - Technology

Winner of the 77nd Attention-Hungry Games
/x/ - Paranormal Phenomena and The RCP Authority

April 2019 - 8chan Transparency Report
Email
Comment *
Verification *
File
Password (Randomized for file and post deletion; you may also set your own.)
* = required field[▶ Show post options & limits]
Confused? See the FAQ.
Flag
Oekaki
Show oekaki applet
(replaces files and can be used instead)
Options

Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf
Max filesize is 16 MB.
Max image dimensions are 15000 x 15000.
You may upload 3 per post.


File: 1deb13123051534⋯.pdf (511.29 KB, 2019-459.pdf)

 No.1062916

From Collisions to Chosen-Prefix Collisions - Application to Full SHA-1

A chosen-prefix collision attack is a stronger variant of a collision attack, where an arbitrary pair of challenge prefixes are turned into a collision. Chosen-prefix collisions are usually significantly harder to produce than (identical-prefix) collisions, but the practical impact of such an attack is much larger. While many cryptographic constructions rely on collision-resistance for their security proofs, collision attacks are hard to turn into a break of concrete protocols, because the adversary has limited control over the colliding messages. On the other hand, chosen-prefix collisions have been shown to break certificates (by creating a rogue CA) and many internet protocols (TLS, SSH, IPsec).

In this article, we propose new techniques to turn collision attacks into chosen-prefix collision attacks. Our strategy is composed of two phases: first, a birthday search that aims at taking the random chaining variable difference (due to the chosen-prefix model) to a set of pre-defined target differences. Then, using a multi-block approach, carefully analysing the clustering effect, we map this new chaining variable difference to a colliding pair of states using techniques developed for collision attacks.

We apply those techniques to MD5 and SHA1, and obtain improved attacks. In particular, we have a chosen-prefix collision attack against SHA1 with complexity between 266.9

and 269.4 (depending on assumptions about the cost of finding near-collision blocks), while the best-known attack has complexity 277.1. This is within a small factor of the complexity of the classical collision attack on SHA1 (estimated as 264.7). This represents yet another warning that industries and users have to move away from using SHA1 as soon as possible.

https://eprint.iacr.org/2019/459

Post yfw Bittorent and Git still use SHA1

 No.1062932

its going to break if they change it for torrents. so many run very old clients


 No.1062991

>>1062932

IPFS > Torrents

Torrents on suicide watch


 No.1063004

Life is like a downloaded torrent. You never know what you're going to get.


 No.1063018

Makes you wonder if most of the encryption we use is already broken, or waiting to be broken soon.


 No.1063030


 No.1063031

>>1063018

i dont really trust this new popular thing that is ed25519. a big part of the beginning of the key is always same and i would expect that a secure key has a completely random value


 No.1063116

>>1063018

People already know SHA1 is shit as 2004, just that it was not practical to break.

But now, with GPUs, it is possible.

The thing is that AES, Serpent, Twofish, Camellia, SEED and ARIA are all made to be relatively GPU-proof.

>>1063031

Same goes for RSA if you did it wrong.


 No.1063119

>>1063018

Considering it's implemented by humans, more than likely.


 No.1063133

Aren't files in torrents divided into pieces? Wouldn't that make it impractical to forge files in a torrent, not just due to the fact that you'd have to ensure that all the pieces had the "correct" checksum, but that whatever result you were trying to achieve still worked within the context of the file as a whole, and that other people would be contributing correct pieces. Unless you're just trying to send garbage, I guess.


 No.1063134

>>1063133

but whats the checksum.. some attacks could probably work if you could generate a identical hash for another torrent and try to seed it to the swarm


 No.1063138

>>1063133

>Wouldn't that make it impractical

no


 No.1063139

>>1063138

Well you've convinced me.


 No.1063148


 No.1063855

this might be the end of many p2p things. they would have to make a big breaking change to fix this and its unlikely that everyone would update to the new version.


 No.1063917

>>1062991

>Torrents on suicide watch

No. eMule worked mostly fine, despite broken hashing.


 No.1063918

>>1063917

I can see you, CIA nigger. You glow in the dark theme.


 No.1064381

>>1063918

Nah he is just a chink who can't into IPFS lol.


 No.1064645


 No.1064755

>>1064645

LC4 isn't even cryptographically secure. Fuck off, retard.


 No.1064769

>>1063917

>worked

there are still people that use it


 No.1064772

>>1062991

I don't see how a single torrent is better than torrents.




[Return][Go to top][Catalog][Nerve Center][Cancer][Post a Reply]
Delete Post [ ]
[]
[ / / / / / / / / / / / / / ] [ dir ]