|
|
|
|
|
|
by duskwuff
4415 days ago
|
|
|
Consider the three attacks that you've described here (preimage, second preimage, and collision) as differently constrained cases of: H(m) = x = H(m')
Where m is the original message, x is its hash, and m' is the second message that you need to find.For a preimage, you're given a value of x, and you don't even know what m is. For a second preimage, you're given a value of m to start from. (And, thus, you know x.) For a collision, you get to pick any m (and x) that you want to make your collision work. This last case is easiest to work with, since you can set up the messages in whatever way you need to exploit even a very subtle vulnerability. In a second preimage attack, the original message is given to you, so it may not set things up in an easily attackable way. In a sense, a second preimage is a specific case of a collision. The critical difference is that a second preimage is a targeted collision. |
|
|