Adding a nonce before hashing as covert channel

Frank Guthausen fg.gnupg at shimps.de
Wed Dec 11 16:19:49 CET 2024


On Wed, 11 Dec 2024 14:26:54 +0000
Andrew Gallagher via Gnupg-devel <gnupg-devel at gnupg.org> wrote:

> On 11 Dec 2024, at 11:33, Frank Guthausen <fg.gnupg at shimps.de> wrote:
> > 
> > Are there any good solutions to the problem (workflow, best
> > practice) besides hoping the hash algorithm will prevent such an
> > attack in reasonable time?  
> 
> Avoiding hash collisions is the entire point of a hash algorithm. An
> external salt doesn’t make it more difficult for an attacker to find
> a hash collision, but it prevents an attacker from finding a *useful*
> collision in advance.

I understand this aspect of the problem. But assuming the document
is a contract signed by Alice and Bob, how is the problem solved in
a bidirectional manner? This extended problem remains open, because
adding a nonce leads to an infinite regress.

The problem is the double control of the good and the evil document,
which makes it easier to generate hash collisions. This advantage for
Alice moves to Bob when using a nonce from Bob.

Usage of external salts would increase difficulty since the free choice
is restricted to the evil document. My understanding is that an external
salt is a better choice than a nonce inside of the document. But I am not
sure whether I am missing something in the chain of arguments.
-- 
kind regards
Frank
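
The cost asymmetry discussed in this thread, as an added example that is not part of either poster's message and is not GnuPG code: with both documents free, a collision costs a birthday search, while a salt chosen after the good document is fixed leaves only the evil side free. The 16-bit truncation of SHA-256, the document texts, the counter suffix and the salt-prepended construction are all assumptions made so the searches finish quickly.

```python
import hashlib
from itertools import count

GOOD = b"Bob pays Alice 100 EUR"     # constructed sample text
EVIL = b"Bob pays Alice 100000 EUR"  # constructed sample text

def toy_hash(data: bytes, salt: bytes = b"") -> int:
    """First 16 bits of SHA-256(salt || data); toy size, prepending is an assumption."""
    return int.from_bytes(hashlib.sha256(salt + data).digest()[:2], "big")

def variant(template: bytes, i: int) -> bytes:
    # The counter stands in for edits a reader would not notice (whitespace etc.).
    return template + b" #" + str(i).encode()

def collide_both_free():
    """One party drafts both documents: birthday search, roughly 2**8 hashes here."""
    seen = {}
    for i in count():
        seen.setdefault(toy_hash(variant(GOOD, i)), i)
        j = seen.get(toy_hash(variant(EVIL, i)))
        if j is not None:
            return variant(GOOD, j), variant(EVIL, i), 2 * (i + 1)

def collide_good_fixed(good: bytes, salt: bytes):
    """Salt picked after `good` is fixed: only the evil side varies, roughly 2**16 hashes."""
    target = toy_hash(good, salt)
    for i in count():
        if toy_hash(variant(EVIL, i), salt) == target:
            return variant(EVIL, i), i + 1

def surviving(good: bytes, evil: bytes, salts):
    """Salts under which a pair prepared in advance still collides."""
    return [s for s in salts if toy_hash(good, s) == toy_hash(evil, s)]

if __name__ == "__main__":
    good, evil, n = collide_both_free()
    salts = [bytes([k]) * 16 for k in range(1, 5)]  # constructed stand-ins for random salts
    print(f"unsalted collision after {n} hashes")
    print(f"prepared pair still collides under {len(surviving(good, evil, salts))} of 4 salts")
    evil2, m = collide_good_fixed(good, salts[0])
    print(f"matching the fixed salted digest took {m} hashes")
```

At a real digest size the same two searches scale to about 2^(n/2) and 2^n hash evaluations respectively.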