Jump to content

Talk:Preimage attack

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 89.75.117.235 (talk) at 09:35, 25 May 2010 (Random oracle: new section). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Removed this:

For example, there is a program called CRC Faker that will generate a file of a user-defined size with the CRC requested.

Because CRC is not a cryptographic hash. It's only good for error detection; compromising data integrity is (almost) trivial. This cannot really be called a preimage attack unless you're stupid enough to use CRC for integrity checking—OTOH, many people are indeed stupid enough to do that, so maybe it should be mentioned with qualification... 82.92.119.11 22:04, 11 January 2006 (UTC)[reply]

Difficulty of first vs. second preimage attack

I do not agree with the following statement in the article:

Due to the similarity between these two cases a method for attacking one can normally be applied to attacking the other.

RFC 4270, which is given as reference, makes such a claim but gives no explanation for the claim. A well known example for a second preimage attack was an exploit that allowed to change the boot code of the XBOX (see [1]). The attack there based on the fact that TEA is a bad choice for constructing a hash function. I.e., the hash function used for the XBOX has the property that the hash result does not change if certain bits are changed. This allowed a second preimage attack that could be used change the boot code, so that this change was not detected by the XBOX. It does not seem that this attack can be extended to a first preimage attack. 67.84.116.166 02:39, 12 September 2006 (UTC)[reply]

Rewording - Update - Reference

I replaced the second paragraph, since the wording of the paragraph can be confusing. It might infer that a hash function to which finding a preimage attack takes in the order of 2n operations is vulnerable and not good. I was especially worried when the page on cryptographic hash functions http://en.wikipedia.org/wiki/Cryptographic_hash_function saying that 'Functions that lack first preimage resistance are vulnerable to first preimage attack'. I wanted to clarify that such complexity applies to even an IDEAL hash function.

I also added some information about the current state of preimage attacks on popular cryptographic hash functions and how they relate to Internet security. I also added a reference on some of these attacks. —Preceding unsigned comment added by 128.237.246.113 (talk) 17:30, 2 September 2009 (UTC)[reply]

Random oracle

I added the link to the random oracle in the "see also" section. I am wondering if it should also be mentioned in the text or would it be to confusing to put so much information in the sentence.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:Preimage_attack&oldid=364084333"