Language Selection

English French German Italian Portuguese Spanish

Hashing exploit threatens digital security

Filed under
Security

Cryptographers have found a way to snip a digital signature from one document and attach it to a fraudulent document without invalidating the signature and giving the fraud away.

The development means that attackers could potentially forge legal documents, load certified software with bogus code, or turn a digitally-signed letter of recommendation into one that authorises access to private information.

Digital signatures are used to authenticate website connections, emails and legal documents in some countries. They work because they are unique to the file or software that is signed, as they are created from the contents of the signed file. Therefore, if someone tries to cut a digital signature from one document and stick it to another, the signature fails because it no longer matches the document.

But now Stefan Lucks of the University of Mannheim and Magnus Daum of the Ruhr-University, Bochum, both in Germany, have come up with a way to create two documents that both have the same digital signature.

The attack exploits recently discovered holes in a type of publicly available algorithm called a hash function. These algorithms convert a digital file into a fixed-length string of bits (made up of "0"s and "1"s) called a hash, which is considered unique. The hash is then bound up with the digital signatory's key to generate their signature. The signature is verified by a trusted third party that removes the key and compares the remaining number with a hash of the document.

Full Article.

More in Tux Machines

Amazing Facts about Linux Operating System You Probably Don't Know

It was almost 30 years ago when the first version of Linux came into the market and since then, this operating system has made its important stature beside Microsoft Windows. Linux has turned out to be one of the most acknowledged and extensively used operating system. Enthused by UNIX, Linux has smartly managed to attract a lot of tech giants such as Facebook, Google, Yahoo, Twitter, Amazon, and much more. However, when it comes to assessing the exact rate of adoption of Linux in the market, the task is a bit tough since the sources to get copies are wide in number. Appreciating workers' and developers' hard-work, Linux has been designed in such a way that exploring and learning things on this operating system has become quite captivating and enthralling. In this post, let's know more about amazing features and facts of this operating system. Read more

Red Hat News

Raising Funds for GNU/Linux

  • $25k Linux Journalism Fund
    Linux Journal's new parent, Private Internet Access, has established a $25k fund to jump-start the next generation of Linux journalism—and to spend it here, where Linux journalism started in 1994. This isn't a contest, and there are no rules other than the ones that worked for journalism before it starting drowning in a sea of "content".
  • Nearly six years after the Kickstarter, Stainless Games claim Carmageddon is still coming to Linux
    Another year has passed and it's now nearing six years since the Carmageddon: Reincarnation Kickstarter that was supposed to have a Linux version. The developer said it is still coming, apparently.

Linux Foundation Events: India Digital Open Summit 2018, Open Source Networking Day, Open Source Leadership Summit