1.4.10  Birthday

A birthday attack is a type of brute force attack. The name comes from the birthday paradox, which states that with as few as 23 people brought together, the probability that two of them share the same birthday is better than even. This may fly in the face of common sense; however, it is not possible to argue with the math [86].

The high probability of duplicates within a relatively small number of samples means that it is possible to create a mathematically identical message digest (practically-unique identifier, discussed in the Cryptography chapter) for a different message or document. Statistically speaking, you’ll usually find a duplicate value before you’ve tried even half the possible combinations.

Fortunately, the message that produces the duplicate will (in all probability) obviously be invalid (probably a string of gibberish characters rather than coherent words or whatever else the original message contained), and the recipient of such a message would be suspicious of it even if the message digest were the same.

Happy Birthday?

A birthday attack is a specific kind of brute force attack that takes advantage of the fact that multiple sets of source data can hash to the same value. For example, it could be used to find another message that would hash to the same MD5 value associated with an original message. Theoretically, this would let an attacker change the contents of the message.

It is referred to as a birthday attack because it takes advantage of probabilities, much like the old trick in which you would bet your friend dinner that two people in a 50-person room shared the same birthday (and you would usually win, due to the odds increasing with each additional person in the room).
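The arithmetic behind the passages above, as an added example that is not part of the original guide: it computes the birthday-paradox probability exactly, then hashes constructed messages until two of them agree in the first 24 bits of their SHA-256 digest. The 24-bit truncation, the function names and the message strings are assumptions chosen so the search finishes instantly; the point for a defender is that an n-bit digest gives only about n/2 bits of collision resistance.

```python
import hashlib
import math


def birthday_probability(samples: int, space: int = 365) -> float:
    """Chance that at least two of `samples` uniform draws from `space` values match."""
    if samples > space:
        return 1.0  # pigeonhole: more samples than possible values
    p_all_unique = 1.0
    for i in range(samples):
        p_all_unique *= (space - i) / space
    return 1.0 - p_all_unique


def truncated_digest(message: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256, standing in for a short message digest."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int):
    """Hash distinct constructed messages until two share a truncated digest.

    Returns (first_message, second_message, number_of_messages_hashed).
    """
    seen = {}  # truncated digest -> message that produced it
    tries = 0
    while True:
        message = b"constructed-message-%d" % tries
        tries += 1
        digest = truncated_digest(message, bits)
        if digest in seen:
            return seen[digest], message, tries
        seen[digest] = message


if __name__ == "__main__":
    print(f"23 people, shared birthday: {birthday_probability(23):.4f}")
    print(f"50 people, shared birthday: {birthday_probability(50):.4f}")
    bits = 24
    first, second, tries = find_collision(bits)
    print(f"{first!r} and {second!r} collide on {bits} bits")
    print(f"messages hashed: {tries}")
    print(f"half the digest space: {2 ** bits // 2}")
    print(f"square root of the digest space: {math.isqrt(2 ** bits)}")
```

The number of messages hashed lands near the square root of the digest space rather than near half of it, which is why digest length, not just the algorithm name, determines how much margin a hash provides.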

__________________

86. http://www.veracity.com/tutorial/sig_secure.html