Interesting People mailing list archives
more on SHA-1 cracked?
From: David Farber <dave () farber net>
Date: Wed, 16 Feb 2005 12:27:29 -0500
------ Forwarded Message From: Dan Steinberg <synthesis () videotron ca> Date: Wed, 16 Feb 2005 12:10:39 -0500 To: <dave () farber net> Subject: Re: [IP] more on SHA-1 cracked? given the pace that processing power increases and given the improvements in p2p processing efforts and given that anyone who has to 'fix' something needs to spend time researching and implementing whatever changes are required to retire SHA-1 and replace it with....{something better} shouldnt this be a massive warning to start 'now'? Just because its not broke today, who can fix it in time and do proper testing instantly? Dan Steinberg SYNTHESIS:Law & Technology 35, du Ravin phone: (613) 794-5356 Chelsea, Quebec J9B 1N1 e-mail:synthesis () videotron ca David Farber wrote:
------ Forwarded Message From: Von Welch <vwelch () ncsa uiuc edu> Date: Wed, 16 Feb 2005 09:45:28 -0600 To: <dave () farber net> Subject: Re: [IP] SHA-1 cracked? Dave, Before spreading too much concern over SHA-1 being cracked, please read Steve Bellovin's note below. Folks need to understand the what "cracked" or "broken" means to cryptographers; this doesn't necessarily have immediate implications for the world in practice. Von ------- start of forwarded message ------- Delivered-To: cryptography () metzdowd com From: "Steven M. Bellovin" <smb () cs columbia edu> To: cryptography () metzdowd com Subject: SHA-1 cracked Date: Tue, 15 Feb 2005 23:29:43 -0500 According to Bruce Schneier's blog (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a team has found collisions in full SHA-1. It's probably not a practical threat today, since it takes 2^69 operations to do it and we haven't heard claims that NSA et al. have built massively parallel hash function collision finders, but it's an impressive achievement nevertheless -- especially since it comes just a week after NIST stated that there were no successful attacks on SHA-1. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- David Farber writes (10:21 February 16, 2005):------ Forwarded Message From: Rodney Joffe <rjoffe () centergate com> Date: Wed, 16 Feb 2005 07:36:36 -0700 To: Dave Farber <dave () farber net> Subject: SHA-1 cracked? For IP Hi Dave, Bruce Schneier is reporting in his blog that SHA-1 appears to have been broken by a Chinese group, and that is has collisions "in the the fullSHA-1in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length.". This could have non-trivial implications for many current commercial operations. http://www.schneier.com/blog/archives/2005/02/sha1_broken.html Rodney Joffe Chairman and CTO UltraDNS Corporation ------ End of Forwarded Message
-- Dan Steinberg SYNTHESIS:Law & Technology 35, du Ravin phone: (613) 794-5356 Chelsea, Quebec J9B 1N1 e-mail:synthesis () videotron ca ------ End of Forwarded Message ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on SHA-1 cracked? David Farber (Feb 16)