After reading this document about MD5 collision attacks, I still don't understa
ID: 647480 • Letter: A
Question
After reading this document about MD5 collision attacks, I still don't understand how collisions can make digital signatures insecure. In the paper, the researchers created two files with the same hash, one innocent and one malicious. The malicious party first sends the good file, gets it signed, and then copies the signature to the bad file to be used against the victim. My question is this: since it is impossible to create a collision without a giant jumbled mess somewhere in the file (though not necessarily immediately visible to the user, for example if preceded and followed by """ in a Python file), why can't users simply ensure that files don't contain blocks of seemingly random bytes if they're digitally signed? For example, why can't SSL certificates hash with MD5 and then use client-side code to verify they don't have any weird strings in them?
Explanation / Answer
Of course all the above comments are valid (rogue certificates, fake-websites, ...), but here's another story:
Let's assume you want to buy, let's say, a house.
You are lazy and want to sign the contract digitally.
The person selling you the house presents you with a valid certificate and is even so nice as to sign the contract you're going to sign.
Now you sign the contract with your qualified electronic signature using your 2048-bit RSA key and an MD5 hash.
You agree to pay ~200k dollars for the house.
Now, after a few years, you get sued because you've paid the 200k dollars.
The seller now claims you have signed a contract saying you're willing to pay 300k dollars and presents a valid signature of yours to the court.
Now you're screwed, because of a simple MD5-collision, which cannot be detected by detection of "weird" strings.
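
The contract scenario above, as an added example that is not part of the original post: a hash-then-sign signature covers only the digest, so it verifies for any second document with the same digest, and a collision-resistant hash removes the overlap. Assumptions: MD5 truncated to 16 bits stands in for a collision-broken hash, trailing-space padding is how this toy finds its pair, and the textbook RSA key and contract texts are constructed for the demo.

```python
import hashlib
from itertools import count

# Toy textbook RSA key (constructed for this demo: publicly known Mersenne
# primes and no padding, so it must never be used for real signatures).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def weak_digest(msg: bytes) -> bytes:
    """Stand-in for a collision-broken hash: MD5 truncated to 16 bits."""
    return hashlib.md5(msg).digest()[:2]

def strong_digest(msg: bytes) -> bytes:
    return hashlib.sha256(msg).digest()

def sign(msg: bytes, digest) -> int:
    # Hash-then-sign: only the digest goes through the private-key operation.
    return pow(int.from_bytes(digest(msg), "big"), D, N)

def verify(msg: bytes, sig: int, digest) -> bool:
    return pow(sig, E, N) == int.from_bytes(digest(msg), "big")

def colliding_pair(doc_a: bytes, doc_b: bytes, digest):
    """Pad both documents with trailing spaces until two variants share a digest."""
    seen_a, seen_b = {}, {}
    for i in count():
        a, b = doc_a + b" " * i, doc_b + b" " * i
        seen_a[digest(a)] = a
        seen_b[digest(b)] = b
        if digest(a) in seen_b:
            return a, seen_b[digest(a)]
        if digest(b) in seen_a:
            return seen_a[digest(b)], b

def demo() -> dict:
    good, bad = colliding_pair(b"Buyer agrees to pay 200,000 dollars.",
                               b"Buyer agrees to pay 300,000 dollars.",
                               weak_digest)
    weak_sig = sign(good, weak_digest)      # buyer signs the 200k contract
    strong_sig = sign(good, strong_digest)  # same contract, SHA-256 digest
    return {
        "weak_accepts_good": verify(good, weak_sig, weak_digest),
        "weak_accepts_bad": verify(bad, weak_sig, weak_digest),
        "strong_accepts_bad": verify(bad, strong_sig, strong_digest),
    }

if __name__ == "__main__":
    print(demo())
```
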