Of course not, is enough to find a collision and you'll get for example a message signed by somebody else that looks completely authentic since signatures encrypt that hash with the private key.<br><br><div><span class="gmail_quote">
On 3/21/07, <b class="gmail_sendername">Blue Boar</b> <<a href="mailto:BlueBoar@thievco.com">BlueBoar@thievco.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
3APA3A wrote:<br>> First, by reading 'crack' I thought lady can recover full message by<br>> it's signature. After careful reading she can bruteforce collisions 2000<br>> times faster.<br><br>Cracking a hash would never mean recovering the full original message,
<br>except for possibly messages that were smaller than the number of bits<br>in the hash value. There are an infinite number of messages that all<br>hash to the same value.<br><br>The best crack you can have for a hash is to be able collide with an
<br>existing hash value and be able to choose most of the message contents.<br><br> BB<br><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a>
<br></blockquote></div><br>