Hashing exploit threatens digital security

Filed under
Security

Cryptographers have found a way to snip a digital signature from one document and attach it to a fraudulent document without invalidating the signature and giving the fraud away.

The development means that attackers could potentially forge legal documents, load certified software with bogus code, or turn a digitally signed letter of recommendation into one that authorises access to private information.

Digital signatures are used to authenticate website connections, emails and legal documents in some countries. They work because they are unique to the file or software that is signed, as they are created from the contents of the signed file. Therefore, if someone tries to cut a digital signature from one document and stick it to another, the signature fails because it no longer matches the document.

But now Stefan Lucks of the University of Mannheim and Magnus Daum of the Ruhr-University, Bochum, both in Germany, have come up with a way to create two documents that both have the same digital signature.

The attack exploits recently discovered holes in a type of publicly available algorithm called a hash function. These algorithms convert a digital file into a fixed-length string of bits (made up of "0"s and "1"s) called a hash, which is considered unique. The hash is then bound up with the digital signatory's key to generate their signature. The signature is verified by a trusted third party that removes the key and compares the remaining number with a hash of the document.
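The hash-then-sign flow described above, as an added example that is not part of the original article: the signature covers only the hash, so two documents with the same hash share one valid signature. The toy RSA key, the 24-bit `weak_hash` (standing in for a broken hash function) and the document strings are constructed assumptions, and the birthday search is a generic textbook technique, not the researchers' method.

```python
import hashlib
from itertools import count

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)

def weak_hash(data: bytes) -> int:
    """Stand-in for a broken hash: only the first 24 bits of SHA-256."""
    return int.from_bytes(hashlib.sha256(data).digest()[:3], "big")

def strong_hash(data: bytes) -> int:
    """Full SHA-256 digest, reduced so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes, h) -> int:
    """Hash-then-sign: the private key is applied to the hash, not the document."""
    return pow(h(data), D, N)

def verify(data: bytes, sig: int, h) -> bool:
    """Undo the key operation with the public exponent and compare with a fresh hash."""
    return pow(sig, E, N) == h(data)

def find_colliding_pair(doc_a: bytes, doc_b: bytes):
    """Append a counter to each document until a variant of A and one of B hash alike."""
    seen_a, seen_b = {}, {}
    for i in count():
        a, b = doc_a + b" ref:%d" % i, doc_b + b" ref:%d" % i
        seen_a[weak_hash(a)] = a
        seen_b[weak_hash(b)] = b
        if weak_hash(a) in seen_b:
            return a, seen_b[weak_hash(a)]
        if weak_hash(b) in seen_a:
            return seen_a[weak_hash(b)], b

def demo() -> dict:
    # Constructed sample documents.
    signed, other = find_colliding_pair(b"Letter of recommendation",
                                        b"Grant access to records")
    return {
        "pair_differs": signed != other,
        "weak_transfers": verify(other, sign(signed, weak_hash), weak_hash),
        "strong_valid": verify(signed, sign(signed, strong_hash), strong_hash),
        "strong_transfers": verify(other, sign(signed, strong_hash), strong_hash),
    }

if __name__ == "__main__":
    print(demo())
```

With the collision-resistant hash the same signature no longer verifies against the second document, which is why replacing the broken hash function is the fix rather than changing the signing key.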

Full Article.
