May 28, 2006
Author(s)
John M. Kelsey, Tadayoshi Kohno
In this paper, we develop a new attack on Damgaard-Merkle hash functions, called the herding attack, in which an attacker who can find many collisions on the hash function by brute force can first provide the hash of message, and later ''herd'' any given