Language Selection

English French German Italian Portuguese Spanish

Hashing exploit threatens digital security

Filed under
Security

Cryptographers have found a way to snip a digital signature from one document and attach it to a fraudulent document without invalidating the signature and giving the fraud away.

The development means that attackers could potentially forge legal documents, load certified software with bogus code, or turn a digitally-signed letter of recommendation into one that authorises access to private information.

Digital signatures are used to authenticate website connections, emails and legal documents in some countries. They work because they are unique to the file or software that is signed, as they are created from the contents of the signed file. Therefore, if someone tries to cut a digital signature from one document and stick it to another, the signature fails because it no longer matches the document.

But now Stefan Lucks of the University of Mannheim and Magnus Daum of the Ruhr-University, Bochum, both in Germany, have come up with a way to create two documents that both have the same digital signature.

The attack exploits recently discovered holes in a type of publicly available algorithm called a hash function. These algorithms convert a digital file into a fixed-length string of bits (made up of "0"s and "1"s) called a hash, which is considered unique. The hash is then bound up with the digital signatory's key to generate their signature. The signature is verified by a trusted third party that removes the key and compares the remaining number with a hash of the document.

Full Article.

More in Tux Machines

RancherOS: A tiny Linux for Docker lovers

Like the various Linux server and desktop distributions, the container-oriented Linux distributions mix and match various projects and components to construct a complete container infrastructure. These distros generally combine a minimal OS kernel, an orchestration framework, and an ecosystem of container services. RancherOS not only fits the mold, but takes the minimal kernel and the container paradigm to extremes. Read more

Review: System76’s Galago Pro solves “just works” Linux’s Goldilocks problem

The Linux world has long maintained a very specific rite of passage: wiping the default operating system from your laptop and plugging in a USB stick with your favorite distro's live CD. Some of us get a little, dare I say, giddy every time we wipe that other OS away and see that first flash of GRUB. Of course, rites of passage are supposed to be one-time events. Once you've wiped Windows or OS X a time or two, that giddiness vanishes—replaced by a feeling of annoyance, a kind of tax on being a Linux user. Read more

Didier Roche: Ubuntu GNOME Shell in Artful: Day 3

After introducing yesterday a real GNOME vanilla session, let’s see how we are using this to implement small behavior differences and transforming current Ubuntu Artful. For more background on this, you can refer back to our decisions regarding our default session experience as discussed in my blog post. Read more

GNOME and Debian: Debian Turning 24, GNOME Turning 20

  • Debian Celebrates Its 24th Birthday
    Yesterday marked GNOME turning 20 while today Debian developers and users have its 24th birthday of the project to celebrate.
  • GNOME desktop environment for Linux and BSD is 20 years old today
    When many people think of Linux, they incorrectly assume it is an operating system. Actually, Linux is merely the kernel which many operating systems leverage. An actual operating system is compromised of many things, including a user interface -- after all, users need to interface with their computer! Most computer users will obviously want a graphical UI nowadays, and for BSD and Linux-based operating systems there are many such desktop environments from which to choose. One of the most popular environments is GNOME. Not only is GNOME a DE, but it has evolved into much more, such as a collection of apps and design rules (Human Interface Guidelines). Today, GNOME is celebrating a very important milestone -- it is an impressive 20 years old!
  • Happy birthday, GNOME!
    The GNOME desktop turns 20 today, and I'm so excited! Twenty years is a major milestone for any open source software project, especially a graphical desktop environment like GNOME that has to appeal to many different users. The 20th anniversary is definitely something to celebrate!
  • Linux desktop GUI GNOME celebrates its 20th birthday
    By 1997, there had long been graphical Unix and Linux graphical user interface (GUI) desktops, but none of them had gathered much support. KDE, which was destined to become a major desktop, had started in 1996, but it was still facing opposition for its use of the Qt license. The GNOME Project, founded by Miguel de Icaza and Federico Mena Quintero on August 15, 1997, was created to build a GUI without the use of any non-General Public License (GPL) software. Thus, a struggle began between the two Linux desktops, which continues to this day.