Comments on: A pin maybe found in a haystack http://gondwanaland.com/mlog/2004/08/16/a-pin-maybe-found-in-a-haystack/ My opinions only. I do not represent any organization in this publication. Sat, 12 May 2012 23:12:14 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Gordon Mohr http://gondwanaland.com/mlog/2004/08/16/a-pin-maybe-found-in-a-haystack/#comment-44 Gordon Mohr Tue, 17 Aug 2004 05:55:56 +0000 //?p=#comment-44 Even if you can't create a collision with a specific target hash, if you are able to create pairs of preimages with the same end hash, mischief is possible. For example, you create two files, one with something desirable, one with something undesirable (a trojan). You jiggle them both in insignificant ways until they match hashes. You then promote the desirable file, giving it (and its hash) a good reputation. (Perhaps, third parties have even reviewed and endorsed its contents.) Then, you release the trojan version, which can piggyback the good reputation of the first version to many more places than it would have otherwise reached. It's not as bad as if a collision for arbitrary content could be found, but it still makes the hash function less-than-ideal for many purposes. Even if you can’t create a collision with a specific target hash, if you are able to create pairs of preimages with the same end hash, mischief is possible.

For example, you create two files, one with something desirable, one with something undesirable (a trojan). You jiggle them both in insignificant ways until they match hashes. You then promote the desirable file, giving it (and its hash) a good reputation. (Perhaps, third parties have even reviewed and endorsed its contents.)

Then, you release the trojan version, which can piggyback the good reputation of the first version to many more places than it would have otherwise reached.

It’s not as bad as if a collision for arbitrary content could be found, but it still makes the hash function less-than-ideal for many purposes.

]]>