IETF Logo Mail Archive

Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis-01.txt

Vishwas Manral <vishwas@ipinfusion.com> Fri, 02 March 2007 22:19 UTC

Return-path: <isis-wg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HNG5e-0001bM-Au; Fri, 02 Mar 2007 17:19:02 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HNG5d-0001aw-DO for isis-wg@ietf.org; Fri, 02 Mar 2007 17:19:01 -0500
Received: from mail.ipinfusion.com ([65.223.109.2] helo=gateway.ipinfusion.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HNG5Z-00022K-Ik for isis-wg@ietf.org; Fri, 02 Mar 2007 17:19:01 -0500
Received: from [127.0.0.1] ([65.223.109.250]) by gateway.ipinfusion.com (8.11.6/8.11.6) with ESMTP id l22MIbK11087; Fri, 2 Mar 2007 14:18:37 -0800
Message-ID: <45E8A2BD.6070704@ipinfusion.com>
Date: Fri, 02 Mar 2007 14:18:37 -0800
From: Vishwas Manral <vishwas@ipinfusion.com>
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: James Carlson <james.d.carlson@sun.com>
Subject: Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis-01.txt
References: <7993FE39-A603-4830-B63F-9615A38B3DEA@cisco.com> <45E88174.7040208@ipinfusion.com> <5B7CE451-04FE-42EC-B786-8F952C3F8C0A@cisco.com> <45E89CD7.7030708@ipinfusion.com> <17896.41109.961725.28931@gargle.gargle.HOWL>
In-Reply-To: <17896.41109.961725.28931@gargle.gargle.HOWL>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8b30eb7682a596edff707698f4a80f7d
Cc: Tony Li <tli@cisco.com>, isis-wg@ietf.org
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/isis-wg>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
Errors-To: isis-wg-bounces@ietf.org

James,

I agree it is hard to get two valid inputs with the same hash. However 
from what I was told, many characters not part of the standard character 
set and hence are invisible(so just the same as if they were not there).

That is the reason I gave the example given by the security people for 
the collision attack. I agree it is not IS-IS related and we can 
probably shift this discussion to some security list (we have discussed 
this on RPSec a couple of years back and I am giving you the gist of the 
discussion there).

Thanks,
Vishwas

James Carlson wrote:
> Vishwas Manral writes:
>   
>> What I mean is not that hashing wont have collisions, but that finding 
>> them should not be easy. That was the intention. I gave you the typical 
>> example served for the same about two documents with the same hash and 
>> hence the same signature.
>>     
>
> There's a huge difference between being able to find collisions with
> arbitrary input, and being able to find a collision on specifically
> modified input.
>
> In other words, there's a serious threat if someone can use known good
> messages to construct a new and different message that's syntactically
> correct and meaningful with a hash that passes validation.
>
> As far as I know, nobody knows how to do that for MD5, and conflating
> an academic exercise with a security problem in an actual protocol is
> probably not a worthwhile contribution.
>
>   



_______________________________________________
Isis-wg mailing list
Isis-wg@ietf.org
https://www1.ietf.org/mailman/listinfo/isis-wg

v2.23.0 | Report a Bug | By Email