Language Selection

English French German Italian Portuguese Spanish

Hashing exploit threatens digital security

Filed under
Security

Cryptographers have found a way to snip a digital signature from one document and attach it to a fraudulent document without invalidating the signature and giving the fraud away.

The development means that attackers could potentially forge legal documents, load certified software with bogus code, or turn a digitally-signed letter of recommendation into one that authorises access to private information.

Digital signatures are used to authenticate website connections, emails and legal documents in some countries. They work because they are unique to the file or software that is signed, as they are created from the contents of the signed file. Therefore, if someone tries to cut a digital signature from one document and stick it to another, the signature fails because it no longer matches the document.

But now Stefan Lucks of the University of Mannheim and Magnus Daum of the Ruhr-University, Bochum, both in Germany, have come up with a way to create two documents that both have the same digital signature.

The attack exploits recently discovered holes in a type of publicly available algorithm called a hash function. These algorithms convert a digital file into a fixed-length string of bits (made up of "0"s and "1"s) called a hash, which is considered unique. The hash is then bound up with the digital signatory's key to generate their signature. The signature is verified by a trusted third party that removes the key and compares the remaining number with a hash of the document.

Full Article.

More in Tux Machines

Chromebook to come with Intel Broadwell chips

Intel is expected to launch its 5th-gen Intel Core CPUs based on Broadwell architecture by the end of this year. According to the latest leaked information, Google’s Chromebook might feature this Broadwell chip. Intel is focusing on bringing high performance CPU which has minimum power requirement with Broadwell chip. Even though Broadwell is the scaled down version of Haswell, it will still maintain the same CPU performance as Haswell. The company is working on better performance-per-watt and lower power consumption to improve battery life of devices. Broadwell is just 14 nanometer in size. Read more

Deepin 2014.1 Released With Bug Fixes And Minor Enhancements

Deepin 2014.1 was released today with numerous bug fixes meant to improve the system stability and performance as well as a few interesting enhancements / new features. Users who have already installed Deepin 2014 don't have to reinstall - a simple upgrade via the Deepin Store or command line (sudo apt-get dist-upgrade) is enough to get the latest Deepin 2014.1. Read more

Quod Libet 3.2.1 Review – An Almost Perfect Music Player

It's a mystery why Quod Libet is not a more popular media player. It's been around for years and the developers have constantly worked on it. The last major update was done back in May 2014, and the software is stable and full of goodies. Quodlibet is a Latin phrase that means "what pleases" and it's used in music to describe a piece that's a combination of multiple melodies. The name seems to relate very well to the media player and it's actually quite catchy. Read more

Making Fedora work better [For me]

I’ve been talking to my fellow Fedora user, James [who happens to be my boss] and he’s told me a few extensions that are available for gnome 3 that make things a little better, and to be honest I like them lots. First of all you need to go here – https://extensions.gnome.org/ [use firefox] The first couple I have install is Applications Menu No Topleft Hot Corner Read more