On Sun, Sep 18, 2011 at 5:50 PM, Chad innocentkiller@gmail.com wrote:
> On Sun, Sep 18, 2011 at 5:47 PM, Anthony wikimail@inbox.org wrote:
>> On Sun, Sep 18, 2011 at 5:30 PM, Chad innocentkiller@gmail.com wrote:
>>> On Sun, Sep 18, 2011 at 7:24 AM, Russell N. Nelson - rnnelson rnnelson@clarkson.edu wrote:
>>>> It is meaningless to talk about cryptography without a threat model, just as Robert says. Is anybody actually attacking us? Or are we worried about accidental collisions?
>>> I believe it began as accidental collisions, then everyone promptly put on their tinfoil hats and started talking about a hypothetical vandal who has the time and desire to generate hash collisions.
>> Having run a wiki which I eventually abandoned due to various "Grawp attacks", I can assure you that there's nothing hypothetical about it.
> For those of us who do not know...what the heck is a Grawp attack? Does it involve generating hash collisions?
It does not involve generating hash collisions, but it involves finding various bugs in MediaWiki and using them to vandalise, often by injecting JavaScript. The best description I could find was at Encyclopedia Dramatica, which seems to be taken down (there's a cache if you do a Google search for "grawp wikipedia"). There's also a description at http://en.wikipedia.org/wiki/User:Grawp, which does not do justice to the "mad hacker skillz" of this individual and his intent on finding bugs in MediaWiki and exploiting them.
If you did something as lame as relying on no one generating an MD5 collision (*), it would happen. If you use SHA-1, it may or may not happen, depending on how quickly computers get faster, and how many further attacks are made on the algorithm. If you use SHA-256 (**), it's significantly less likely to happen, and you'll probably have a warning in the form of an announcement on Slashdot that SHA-256 has been broken, before it happens.
(*) Something which I have done myself on my home computer in a couple minutes, and apparently now can be done in a couple seconds.
(**) Which, incidentally, is possibly the single most secure hash for Wikimedia to use at the current time. SHA-512 is significantly more "broken" than SHA-256, and the more theoretically secure hashes have received much less scrutiny than SHA-256. If you want to be more secure than SHA-256, you should combine SHA-256 with some other hashing algorithm.