No. of Recommendations: 12
I assume every person here is familiar with the Birthday Problem

I know the Birthday Problem, but until now had no idea it was meaningfully related to cybersecurity. (Dammit, Jim, I'm a doctor, not a...)
Anyhow, after a little hunting I found this,
https://www.geeksforgeeks.org/birthday-attack-in-c... which contains:
"
Digital signatures can be susceptible to birthday attacks. A message m is typically signed by first computing H(m), where H is a cryptographic hash function, and then using some secret key to sign H(m). Suppose Alice wants to trick Bob into signing a fraudulent contract. Alice prepares a fair contract m and fraudulent one m’. She then finds a number of positions where m can be changed without changing the meaning, such as inserting commas, empty lines, one versus two spaces after a sentence, replacing synonyms, etc. By combining these changes she can create a huge number of variations on m which are all fair contracts.
Similarly, Alice can also make some of these changes on m’ to take it, even more, closer towards m, that is H(m) = H(m’). Hence, Alice can now present the fair version m to Bob for signing. After Bob has signed, Alice takes the signature and attaches to it the fraudulent contract. This signature proves that Bob has signed the fraudulent contract.
To avoid such an attack the output of the hash function should be a very long sequence of bits such that the birthday attack now becomes computationally infeasible."
Ok, got it, mostly. Thank you!
(Actually, the whole link above is worth reading)
-- sutton
----------
Completely gratuitous addition follows
Speaking of learning, I found this just the other day (bolding mine):
"
"The best thing for being sad," replied Merlyn, beginning to puff and blow, "is to learn something. That is the only thing that never fails. You may grow old and trembling in your anatomies, you may lie awake at night listening to the disorder of your veins, you may miss your only love, you may see the world about you devastated by evil lunatics, or know your honor trampled in the sewers of baser minds. There is only one thing for it then -- to learn. Learn why the world wags and what wags it. That is the only thing which the mind can never exhaust, never alienate, never be tortured by, never fear or distrust, and never dream of regretting. Learning is the thing for you. Look at what a lot of things there are to learn -- pure science, the only purity there is. You can learn astronomy in a lifetime, natural history in three, literature in six. And then, after you have exhausted a milliard lifetimes in biology and medicine and theocriticism and geography and history and economics -- why, you can start to make a cartwheel out of the appropriate wood, or spend fifty years learning to begin to learn to beat your adversary at fencing. After that you can start again on mathematics, until it is time to learn to plough."
- T.H. White, The Once and Future King, Book I (The Sword in the Stone), chap. 21
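Added example, not part of the original post or the linked article: the signature scenario quoted above, run against SHA-256 truncated to 16 bits to show why a short hash output lets a fair and a fraudulent contract share one digest. The contract texts, function names and the single-versus-double-space variation scheme are constructed for illustration.

```python
import hashlib

# Constructed sample contracts (not from the original post).
FAIR = "Bob agrees to pay Alice one hundred dollars upon delivery of the ordered goods."
FRAUD = "Bob agrees to pay Alice one hundred thousand dollars upon delivery of the ordered goods."

def truncated_hash(msg: str, bits: int) -> int:
    """SHA-256 cut down to its top `bits` bits, standing in for a short hash."""
    digest = hashlib.sha256(msg.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def variant(text: str, k: int) -> str:
    """k-th harmless variant: bit i of k puts one or two spaces in word gap i."""
    words = text.split(" ")
    gaps = ["  " if (k >> i) & 1 else " " for i in range(len(words) - 1)]
    return words[0] + "".join(g + w for g, w in zip(gaps, words[1:]))

def find_collision(fair: str, fraud: str, bits: int, n_variants: int):
    """Hash n_variants of the fair text, then look for a fraud variant that matches.

    n_variants must not exceed 2**(number of word gaps) so variants stay distinct.
    Returns (fair_variant, fraud_variant, hashes_computed) or None.
    """
    seen = {}
    for k in range(n_variants):
        seen.setdefault(truncated_hash(variant(fair, k), bits), k)
    for k in range(n_variants):
        h = truncated_hash(variant(fraud, k), bits)
        if h in seen:
            return variant(fair, seen[h]), variant(fraud, k), n_variants + k + 1
    return None

def birthday_work(bits: int) -> int:
    """Rough number of hashes for a collision on a `bits`-bit digest: 2^(bits/2)."""
    return 2 ** (bits // 2)

if __name__ == "__main__":
    hit = find_collision(FAIR, FRAUD, bits=16, n_variants=4096)
    print(hit)
    for bits in (16, 64, 128, 256):
        print(bits, "bit digest: about", birthday_work(bits), "hashes")
```

The two colliding variants still have different full 256-bit SHA-256 digests, which is the quoted passage's point about long hash outputs.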