Talk:Preimage attack

From Wikipedia, the free encyclopedia

Removed this:

For example, there is a program called CRC Faker that will generate a file of a user-defined size with the CRC requested.

Because CRC is not a cryptographic hash. It's only good for error detection; compromising data integrity is (almost) trivial. This cannot really be called a preimage attack unless you're stupid enough to use CRC for integrity checking—OTOH, many people are indeed stupid enough to do that, so maybe it should be mentioned with qualification... 82.92.119.11 22:04, 11 January 2006 (UTC)

[edit] Difficulty of first vs. second preimage attack

I do not agree with the following statement in the article:

Due to the similarity between these two cases a method for attacking one can normally be applied to attacking the other.

RFC 4270, which is given as reference, makes such a claim but gives no explanation for the claim. A well known example for a second preimage attack was an exploit that allowed to change the boot code of the XBOX (see [1]). The attack there based on the fact that TEA is a bad choice for constructing a hash function. I.e., the hash function used for the XBOX has the property that the hash result does not change if certain bits are changed. This allowed a second preimage attack that could be used change the boot code, so that this change was not detected by the XBOX. It does not seem that this attack can be extended to a first preimage attack. 67.84.116.166 02:39, 12 September 2006 (UTC)