[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft-klensin-emailaddr-i18n-00
Adam M. Costello scripsit:
> The receiver will be fooled only if it blindly assumes that the text
> is normalized. I don't think receivers should make that assumption.
> They can't be fooled if they force the text to be normalized whenever it
> matters.
Oh yes they can, and all the worse. Consider the classical birthday attack:
see http://www.x5.net/faqs/crypto/q96.html for details if you need them.
It depends on the ability to generate 2^(n/2) variants (where n is the
number of bits in the n-bit signature hash function) of a message to be
used for the spoof. Typically this involves things like altering whitespace,
but a close inspection will detect these.
If we play with Unicode canonical equivalence in a world where receivers
normalize, however, we can create variants that are quite undetectable by
the receiver. Typical German text contains about 5% accented characters,
so a 20K message can be given 2^1000 variants, more than enough to break
reasonable hash functions.
--
John Cowan jcowan@xxxxxxxxxxxxxxxxx www.ccil.org/~cowan www.reutershealth.com
"The competent programmer is fully aware of the strictly limited size of his own
skull; therefore he approaches the programming task in full humility, and among
other things he avoids clever tricks like the plague." --Edsger Dijkstra