Hashing exploit threatens digital security

Cryptographers have found a way to snip a digital signature from one document and attach it to a fraudulent document without invalidating the signature or giving the fraud away.

The development means that attackers could potentially forge legal documents, load certified software with bogus code, or turn a digitally signed letter of recommendation into one that authorises access to private information.

Digital signatures are used to authenticate website connections, emails and legal documents in some countries. They work because they are unique to the file or software that is signed, as they are created from the contents of the signed file. Therefore, if someone tries to cut a digital signature from one document and stick it to another, the signature fails because it no longer matches the document.

But now Stefan Lucks of the University of Mannheim and Magnus Daum of the Ruhr-University, Bochum, both in Germany, have come up with a way to create two documents that both have the same digital signature.

The attack exploits recently discovered holes in a type of publicly available algorithm called a hash function. These algorithms convert a digital file into a fixed-length string of bits (made up of "0"s and "1"s) called a hash, which is considered unique. The hash is then bound up with the digital signatory's key to generate their signature. The signature is verified by a trusted third party that removes the key and compares the remaining number with a hash of the document.
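Why a hash collision lets a signature move between documents, as an added example that is not from the article: the signature covers only the hash, so any second document with the same hash verifies too. The toy unpadded RSA key, the 16-bit `weak_hash` stand-in for a broken hash function, and the sample document texts are all constructed for illustration.

```python
import hashlib
from itertools import count

# Toy textbook-RSA key built from two Mersenne primes (constructed, unpadded,
# not secure). It only stands in for "the signatory's key".
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def weak_hash(doc: bytes) -> int:
    """Stand-in for a broken hash: SHA-256 cut down to 16 bits."""
    return int.from_bytes(hashlib.sha256(doc).digest()[:2], "big")

def strong_hash(doc: bytes) -> int:
    """Full 256-bit SHA-256 digest."""
    return int.from_bytes(hashlib.sha256(doc).digest(), "big")

def sign(doc: bytes, hash_fn) -> int:
    return pow(hash_fn(doc), D, N)

def verify(doc: bytes, sig: int, hash_fn) -> bool:
    # Recover the signed hash with the public key, compare with a fresh hash.
    return pow(sig, E, N) == hash_fn(doc)

def colliding_pair(text_a: bytes, text_b: bytes, hash_fn):
    """Append counters to both texts until two variants share a hash."""
    seen = {}
    for i in range(2048):
        seen.setdefault(hash_fn(text_a + b" #%d" % i), i)
    for j in count():
        h = hash_fn(text_b + b" #%d" % j)
        if h in seen:
            return text_a + b" #%d" % seen[h], text_b + b" #%d" % j

def demo():
    good, bad = colliding_pair(b"Letter of recommendation for A. Example",
                               b"Grant A. Example access to all records", weak_hash)
    weak_sig = sign(good, weak_hash)
    strong_sig = sign(good, strong_hash)
    return {
        "docs_differ": good != bad,
        "weak_accepts_original": verify(good, weak_sig, weak_hash),
        "weak_accepts_swapped": verify(bad, weak_sig, weak_hash),
        "strong_accepts_original": verify(good, strong_sig, strong_hash),
        "strong_accepts_swapped": verify(bad, strong_sig, strong_hash),
    }

if __name__ == "__main__":
    print(demo())
```

With the 16-bit hash the signature made for the first document also verifies on the second; with the full-length digest the swapped document is rejected, which is why signing schemes depend on a collision-resistant hash.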
