Re: FW: New Version Notification for draft-rafiee-6man-cga-attack-00.txt

marcelo bagnulo braun <marcelo@it.uc3m.es> Sun, 01 December 2013 22:24 UTC

Message-ID: <529BB70F.1060804@it.uc3m.es>
Date: Sun, 01 Dec 2013 23:24:15 +0100
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Hosnieh Rafiee <ietf@rozanak.com>, 'Christian Huitema' <huitema@microsoft.com>, 'Ray Hunter' <v6ops@globis.net>
Subject: Re: FW: New Version Notification for draft-rafiee-6man-cga-attack-00.txt
References: <005601ceec99$ed4cfc40$c7e6f4c0$@rozanak.com> <C91E67751B1EFF41B857DE2FE1F68ABA2FBC395D@tk5ex14mbxc272.redmond.corp.microsoft.com> <000001ceecd4$a69b4aa0$f3d1dfe0$@rozanak.com> <529845A5.5060807@it.uc3m.es> <001101ceeedf$da768080$8f638180$@rozanak.com>
In-Reply-To: <001101ceeedf$da768080$8f638180$@rozanak.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: ipv6@ietf.org, 'Erik Nordmark' <nordmark@sonic.net>

El 01/12/13 22:53, Hosnieh Rafiee escribió:
>> El 29/11/13 08:28, Hosnieh Rafiee escribió:
>>>
>>> In CGA, we have a hash function or, like the above example, we have a
>>> hash password. What is important for us is only to find another message
>>> that leads to the same hash. This is where the birthday paradox applies.
>>> So, in CGA, the attacker really does not care what the content of
>>> your message is, it cares about the hash value. He only wants to have
>>> another message (or, in the birthday paradox, to have another person with
>>> the same birthday as yours) to match yours.
>>>
>> sigh, no.
>>
>> the birthday paradox applies when you want to find two values that match
>> each other and NOT when you have a target and you want to find a hash
>> output that matches the target of your attack.
>>
>> In other words, the birthday paradox is not about finding another person
>> that has the same birthday as you but about finding two persons that happen
>> to have the same birthday.
>>
>> This is a critical distinction when you want to use this for an attack, as
>> you cannot rely on this to attack a specific target, you can only use it for
>> finding two random values that clash.
>
> A birthday attack is still possible with the following approach. Check this
> nice article:
> http://eprint.iacr.org/2003/065.pdf

I just skimmed the paper and it seems to state that in some hash
functions fewer attempts are needed to find a clash.
This does not contradict my statement. The birthday paradox can be used to
find two values that clash, not to find a preimage of a given target value.

Regards, marcelo


> smile,
> Hosnieh
>
>
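The distinction marcelo draws above, shown on a deliberately truncated hash so both searches finish in well under a second: a birthday search for any two colliding messages needs about sqrt(pi/2 * 2^n) hashes, while matching one fixed target (the attacker's situation against a specific CGA) needs about 2^n. This is an added example written for this page, not code from the thread or from any CGA implementation; it uses SHA-256 truncated to `bits` bits as a stand-in and does not model the CGA hash itself.

```python
# Added example: collision search vs. targeted preimage search on a
# truncated hash. The CGA hash is not modelled; SHA-256 truncated to a
# few bits stands in so that both searches complete quickly.
import hashlib
import math
import struct


def trunc_hash(msg: bytes, bits: int) -> int:
    """SHA-256 of msg, keeping only its low `bits` bits."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest[-8:], "big") & ((1 << bits) - 1)


def collision_trials(bits: int, seed: int) -> int:
    """Birthday search: hash fresh messages until ANY two collide.
    Returns the number of hashes computed."""
    seen = set()
    trials = 0
    while True:
        h = trunc_hash(struct.pack(">QQ", seed, trials), bits)
        trials += 1
        if h in seen:
            return trials
        seen.add(h)


def preimage_trials(bits: int, target: int, seed: int) -> int:
    """Targeted search: hash fresh messages until one equals the FIXED
    target. The birthday shortcut does not apply here."""
    trials = 0
    while True:
        h = trunc_hash(struct.pack(">QQ", seed, trials), bits)
        trials += 1
        if h == target:
            return trials


def compare(bits: int, runs: int) -> dict:
    """Average trial counts over `runs` searches next to the textbook
    expectations sqrt(pi/2 * 2^bits) (collision) and 2^bits (preimage)."""
    coll = [collision_trials(bits, seed=r) for r in range(runs)]
    # Each preimage run targets the hash of a different constructed "victim".
    pre = [preimage_trials(bits, trunc_hash(b"victim-%d" % r, bits), 10_000 + r)
           for r in range(runs)]
    return {"collision_mean": sum(coll) / runs,
            "collision_expected": math.sqrt(math.pi / 2 * 2 ** bits),
            "preimage_mean": sum(pre) / runs,
            "preimage_expected": float(2 ** bits)}


if __name__ == "__main__":
    for key, val in compare(16, 10).items():
        print(f"{key:20s} {val:10.1f}")
```

With 16-bit outputs the collision search averages a few hundred hashes while the targeted search averages tens of thousands; shrinking `bits` to 12 or 14 makes the gap visible even faster.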