1

From the definition, a collision would mean you would have to find any two arbitrary x and y such that h(x) = h(y) where h is some cryptographic hash function. This is different from a second pre-image which means you have to find some y such that given some specific x, h(y) = h(x) (where x != y). The key difference being that x is fixed upfront.

I can make many cases why weak second pre-image resistance can hurt you (e.g. replace a known-to-be-good hash of a message/file with a malicious message/file that has the same hash), but I can't immediately come up with an attack where a collision would help you much. What are some real-world or theoretical attack vectors where abusing a weak collision resistant hash could cause harm?

Anthony Kraft
  • 1,179
  • 1
  • 9
  • 18

1 Answers1

2

Hash collision in a signature is for example a problem in document signing if the attacker can provide both signed documents. Just imagine a case where somebody orders you to do some work and the conditions are inside a signed document. Once you are ready they present you with a different version of the document which contains a lower pay for you but which still matches the signature.

Steffen Ullrich
  • 201,479
  • 30
  • 402
  • 465