Language Selection

English French German Italian Portuguese Spanish

Hashing exploit threatens digital security

Filed under
Security

Cryptographers have found a way to snip a digital signature from one document and attach it to a fraudulent document without invalidating the signature and giving the fraud away.

The development means that attackers could potentially forge legal documents, load certified software with bogus code, or turn a digitally-signed letter of recommendation into one that authorises access to private information.

Digital signatures are used to authenticate website connections, emails and legal documents in some countries. They work because they are unique to the file or software that is signed, as they are created from the contents of the signed file. Therefore, if someone tries to cut a digital signature from one document and stick it to another, the signature fails because it no longer matches the document.

But now Stefan Lucks of the University of Mannheim and Magnus Daum of the Ruhr-University, Bochum, both in Germany, have come up with a way to create two documents that both have the same digital signature.

The attack exploits recently discovered holes in a type of publicly available algorithm called a hash function. These algorithms convert a digital file into a fixed-length string of bits (made up of "0"s and "1"s) called a hash, which is considered unique. The hash is then bound up with the digital signatory's key to generate their signature. The signature is verified by a trusted third party that removes the key and compares the remaining number with a hash of the document.

Full Article.

More in Tux Machines

LG's webOS 2.0 TVs are coming to CES

LG's attempt to resurrect webOS for smart TVs is entering a new phase at CES 2015. A wide range of webOS 2.0 TVs will be displayed in Vegas, and LG is focusing on performance; the company says that starting the YouTube app from the home screen is 70 percent faster, for example, and overall boot times should be up to 60 percent quicker. Read more

GTK 3.14, Nautilus 3.14 Land In Ubuntu 15.04 Vivid Vervet [Quick Update]

Quick update for Ubuntu users planning to use Ubuntu 15.04: GTK 3.14 has landed in Ubuntu 15.04 Vivid Vervet. And of course, the default Ubuntu themes, Ambiance and Radiance, have been updated with GTK 3.14 support. Furthermore, Nautilus, an application that wasn't updated in quite a while and was still at version 3.10, has been updated to version 3.14: Read more

Eure-et-Loir department now using Nuxeo document system

The administration of France’s Eure-et-Loir Department has implemented Nuxeo, an open source enterprise document and content management system. The solution is used to exchange documents between the department’s services and, sometime next year, also with partner-organisations. Read more

2014: The Open Source Tipping Point

2014 was a tipping point where companies decided there was too much software to write for any one company to do it by themselves. They are shedding commodity software R&D by investing in “external R&D” with open source. Those who master the game have a compelling advantage. Those who don’t are getting left behind. We are experiencing an innovation renaissance that is largely driven by open source software that powers distributed, scale out systems. It’s been a pleasure to see this trend develop this year and I’m looking forward to 2015 with anticipation. Read more