I am not a PS guru. All of that is gibberish to me. I think this is what is going on:
1) There is a single source file foo.ps
2) Since PS is interpreted, there is a statement like:
if(filename=="recommendation.ps") { show_recommendation(); }
else { show_give_security_clearance(); }
This attack will work on no matter what hash you use because it uses social engineering (i.e., laziness - no one looks inside their PS files)
Just RTFA'd. Their attack is much more involved than I describe. However, it should be trivial to do the same thing for an OpenOffice document or Word document. Maybe I will try it...
I'm taking a computer forensics class, and the professor is an active policeman who does computer forensics. They make a lot of use of hashes in computer forensics - they use hashes to determine if evidence has been tampered with. He's spoken about this - he's aware of the possibility of hash collisions, but he does not believe anyone could practically use them in a real attack.
[+] [-] tptacek|18 years ago|reply
(2) If you are using MD5 OR SHA1 directly in any way, you almost certainly have systems problems that are much scarier than Xiaoyung Wang's attack.
If you're doing things right, this stuff shouldn't make any difference.
[+] [-] sohail|18 years ago|reply
1) There is a single source file foo.ps 2) Since PS is interpreted, there is a statement like: if(filename=="recommendation.ps") { show_recommendation(); } else { show_give_security_clearance(); }
This attack will work on no matter what hash you use because it uses social engineering (i.e., laziness - no one looks inside their PS files)
I think so anyway...
[+] [-] sohail|18 years ago|reply
[+] [-] phaedrus|18 years ago|reply
[+] [-] maurycy|18 years ago|reply