Language Selection

English French German Italian Portuguese Spanish

Hashing exploit threatens digital security

Filed under
Security

Cryptographers have found a way to snip a digital signature from one document and attach it to a fraudulent document without invalidating the signature and giving the fraud away.

The development means that attackers could potentially forge legal documents, load certified software with bogus code, or turn a digitally-signed letter of recommendation into one that authorises access to private information.

Digital signatures are used to authenticate website connections, emails and legal documents in some countries. They work because they are unique to the file or software that is signed, as they are created from the contents of the signed file. Therefore, if someone tries to cut a digital signature from one document and stick it to another, the signature fails because it no longer matches the document.

But now Stefan Lucks of the University of Mannheim and Magnus Daum of the Ruhr-University, Bochum, both in Germany, have come up with a way to create two documents that both have the same digital signature.

The attack exploits recently discovered holes in a type of publicly available algorithm called a hash function. These algorithms convert a digital file into a fixed-length string of bits (made up of "0"s and "1"s) called a hash, which is considered unique. The hash is then bound up with the digital signatory's key to generate their signature. The signature is verified by a trusted third party that removes the key and compares the remaining number with a hash of the document.

Full Article.

More in Tux Machines

France: ‘tax source code will be made public’

France’s tax department is willing to make the source code available for its income tax software system, says Axelle Lemaire, minister responsible for Digital Affairs. However, preparation takes time, she told April, France’s free software advocacy group, last month. Read more

Simplicity Linux 15.7 Comes at the End of July with Linux Kernel 4.0

David Purse from the development team of Simplicity Linux, a distribution derived from LXPup and built around the LXDE desktop environment, has announced the release of the first Beta build towards the final version of Simplicity Linux 15.7. Read more

Linux Kernel 3.14.46 LTS Has ARM and ARM64 Improvements, Updated Drivers

After announcing the release of the Linux kernel 4.1.1, Linux kernel 4.0.7, and Linux kernel 3.10.82 LTS, Greg Kroah-Hartman also published details about a new maintenance release of the Linux 3.14 kernel branch. Read more

Google open-sources its software for making trippy images with deep learning

The deepdream project is now available on GitHub. The project relies on the open-source Caffe deep learning framework. Deep learning involves training artificial neural networks on a large pile of data — for example, pictures of geese — and then throwing them a new piece of data, like a picture of an ostrich, to receive an educated guess about it. Read more