Dailydave mailing list archives
Re: SHA-2
From: Rodney Thayer <rodney () canola-jones com>
Date: Mon, 16 Aug 2004 21:43:26 -0700
At 10:52 PM 8/16/2004 -0400, dave wrote:
> MD5 broken and SHA-1 about to fall? Are there any math Ph.D.s in the house who'd like to bring this into context, and perhaps provide some analysis of the magic bean that made it all happen? http://slashdot.org/article.pl?sid=04/08/17/0030243&tid=93&tid=162&tid=1&tid=218
I'm not a cryptographer and I don't play one on the Internet. But I was around when the Dobbertin attacks against MD-5 came out, and we had to think about this during the process of standardizing IPSEC, and TLS, and OpenPGP. Back before I was known as a non-lurker on Dailydave [1], I was a simple crypto plumber.

So cryptographers basically make up work for themselves by building half-assed variants of working algorithms, and then breaking those. Some of the time this is technically brilliant, and mostly it's make-work for the grad students. Breaking a limited-round MD-5 doesn't necessarily relate to full MD-5, or SHA-0, or SHA-1. In this case the tea-leaf readers are starting to claim that real live full-scale working SHA-1 might be found to have collisions, which Would Be Bad (think every crypto protocol fielded today is suddenly attackable, via the crypto).

Now there are other hash algorithms out there. I don't know if SHA-256 or SHA-512 are really just super-sized SHA-1, but I think that's the basic idea, so we're now hearing about new improved obscure hashes, like Whirlpool. This sounds good, until you remember that back when we were told SHA-1 *might* be unsafe because it was sort of structurally related to MD-5, we were told to check out Tiger. I can't tell where Tiger disappeared to. You'll find references to Tiger in early IPsec and early OpenPGP stuff.

The real problem is that the combination of the crypto community and the IETF has caused the standards we field today to be hard to change. For example, I think it might be tough to crank a new ciphersuite through the IETF to fix TLS if in fact all the SHA's and all the MD-5's are broken. This in turn means that Microsoft (i.e. schannel.dll) or OpenSSL will have to invent something on their own.
Also, remember it's the week of the Crypto conference in Santa Barbara, and, just like we have vulnerability storms, er, announcements around the time of BlackHat and Defcon, we have crypto storms, er, rumors, er, announcements around the time of Crypto.

[1] I'm standing in the hallway at Black Hat, being introduced to a fellow trainer. I say my name, he responds by telling me my email address. I think real hard and don't remember ever giving him a business card. I look puzzled, and he explains "I know you, you post on The Daily Dave".

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave