Language Selection

English French German Italian Portuguese Spanish

Hashing exploit threatens digital security

Filed under
Security

Cryptographers have found a way to snip a digital signature from one document and attach it to a fraudulent document without invalidating the signature and giving the fraud away.

The development means that attackers could potentially forge legal documents, load certified software with bogus code, or turn a digitally-signed letter of recommendation into one that authorises access to private information.

Digital signatures are used to authenticate website connections, emails and legal documents in some countries. They work because they are unique to the file or software that is signed, as they are created from the contents of the signed file. Therefore, if someone tries to cut a digital signature from one document and stick it to another, the signature fails because it no longer matches the document.

But now Stefan Lucks of the University of Mannheim and Magnus Daum of the Ruhr-University, Bochum, both in Germany, have come up with a way to create two documents that both have the same digital signature.

The attack exploits recently discovered holes in a type of publicly available algorithm called a hash function. These algorithms convert a digital file into a fixed-length string of bits (made up of "0"s and "1"s) called a hash, which is considered unique. The hash is then bound up with the digital signatory's key to generate their signature. The signature is verified by a trusted third party that removes the key and compares the remaining number with a hash of the document.

Full Article.

More in Tux Machines

Samsung Galaxy Tab S Pro Might Be Soon Upon Us

Samsung has been pretty silent when it comes to tablets in the last few months. The Korean tech giant rolled out the Galaxy Tab Active at IFA 2014, but that was just a rugged, re-branded version of the Galaxy Tab 4 8.0-inch model. Read more

How to Get Over Your Fear of Failing at Linux

We’ve written plenty of articles about helping you switch over to Linux from your current operating system. However, even with all of those materials at hand, it’s sometimes still difficult to take the leap of faith and actually try it out. So, this article will be all about questions you might have about switching, and what you can do to ease yourself into the world of Linux. If you read it from start to finish, you’ll have plenty of answers and tips to succeed at Linux. Read more

Don't Fear the Penguin

It was a slow news day today for Linux but a few tidbits stood out. First up is Danny Stieben with his article persuading prospects how easy Linux really is. Read more

Alpine Linux 3.1.2 released

The Alpine Linux project is pleased to announce the immediate availability of version 3.1.2 of its Alpine Linux operating system. This is a bugfix release of the v3.1 musl based branch. This release is based on the 3.14.30 kernel which has some critical security fixes. Read more