Re: Complex Theoretical One Way Hash Question

In article <e27gr8$1a2n$2@agate.berkeley.edu>,
 daw@taverner.cs.berkeley.edu (David Wagner) wrote:

> The more complicated the image format, the more plausible it
> is that there is some existing corner case functionality that
> can be used in a strange way.

It comes to me that, juste like it is feasible to make two
different postscript files with the same MD5 and showing
different meaningfull things
http://www.cits.rub.de/MD5Collisions
it is possible to make a postscript file that displays
its own MD5: we make it contain 128 blocks that each
can be changed to two states without changing the MD5,
and display the 128 bits coded herein as 32 hex chars,
on top of an image also in the (end of) of the file;
then set the 128 blocks as approriate to display the
MD5 of the file.

The original problem (how to modify a JPEG image file so
that the "stamped" result is a JPEG image file showing
the original image, plus the MD5 of the modified file,
when viewed with a standard JPEG viewer) has at least
several near solutions:

1) use a special viewer [easy]

2) use a specially crafted secure hash rather than MD5;
see my other posts
<fgrieu-0C923B.11344519042006@nnrp14-1.proxad.net>
The special hash can demonstrably be as secure as
a standard hash it is based upon, and/or have other
features.

3) use another file format (including at least postcript,
and I guess encapsulated postscript, possibly PDF)
This scheme is not collision-resistant, but still an
adversary not involved in the preparation of the
modified image file can not create another file with
the MD5 hash of the modified image file, even with
knowledge of both the original and the modifed image
files. The weakness of MD5 makes the thing possible,
yet still secure in some sense.

Again I see no practical use for this.

  François Grieu
Received on Mon May 1 02:03:08 2006