Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on SHA-1 cracked?

From: David Farber <dave () farber net>
Date: Wed, 16 Feb 2005 11:29:27 -0500

------ Forwarded Message
From: Von Welch <vwelch () ncsa uiuc edu>
Date: Wed, 16 Feb 2005 09:45:28 -0600
To: <dave () farber net>
Subject: Re: [IP] SHA-1 cracked?


Dave,

 Before spreading too much concern over SHA-1 being cracked, please
read Steve Bellovin's note below. Folks need to understand the
what "cracked" or "broken" means to cryptographers; this doesn't
necessarily have immediate implications for the world in practice.

Von

------- start of forwarded message -------
Delivered-To: cryptography () metzdowd com
From: "Steven M. Bellovin" <smb () cs columbia edu>
To: cryptography () metzdowd com
Subject: SHA-1 cracked
Date: Tue, 15 Feb 2005 23:29:43 -0500

According to Bruce Schneier's blog
(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a
team has found collisions in full SHA-1.  It's probably not a practical
threat today, since it takes 2^69 operations to do it and we haven't
heard claims that NSA et al. have built massively parallel hash
function collision finders, but it's an impressive achievement
nevertheless -- especially since it comes just a week after NIST stated
that there were no successful attacks on SHA-1.

  --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb



---------------------------------------------------------------------

David Farber writes (10:21 February 16, 2005):


------ Forwarded Message
From: Rodney Joffe <rjoffe () centergate com>
Date: Wed, 16 Feb 2005 07:36:36 -0700
To: Dave Farber <dave () farber net>
Subject: SHA-1 cracked?

For IP

Hi Dave,

Bruce Schneier is reporting in his blog that SHA-1 appears to have been
broken by a Chinese group, and that is has collisions "in the the full

SHA-1

in 2**69 hash operations, much less than the brute-force attack of 2**80
operations based on the hash length.".

This could have non-trivial implications for many current commercial
operations.

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

Rodney Joffe
Chairman and CTO
UltraDNS Corporation





------ End of Forwarded Message


-------------------------------------
You are subscribed as vwelch () ncsa uiuc edu
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: 

http://www.interesting-people.org/archives/interesting-people/

------ End of Forwarded Message


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: