Interesting People mailing list archives
more on SHA-1 cracked?
From: David Farber <dave () farber net>
Date: Wed, 16 Feb 2005 11:29:27 -0500
------ Forwarded Message From: Von Welch <vwelch () ncsa uiuc edu> Date: Wed, 16 Feb 2005 09:45:28 -0600 To: <dave () farber net> Subject: Re: [IP] SHA-1 cracked? Dave, Before spreading too much concern over SHA-1 being cracked, please read Steve Bellovin's note below. Folks need to understand the what "cracked" or "broken" means to cryptographers; this doesn't necessarily have immediate implications for the world in practice. Von ------- start of forwarded message ------- Delivered-To: cryptography () metzdowd com From: "Steven M. Bellovin" <smb () cs columbia edu> To: cryptography () metzdowd com Subject: SHA-1 cracked Date: Tue, 15 Feb 2005 23:29:43 -0500 According to Bruce Schneier's blog (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a team has found collisions in full SHA-1. It's probably not a practical threat today, since it takes 2^69 operations to do it and we haven't heard claims that NSA et al. have built massively parallel hash function collision finders, but it's an impressive achievement nevertheless -- especially since it comes just a week after NIST stated that there were no successful attacks on SHA-1. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- David Farber writes (10:21 February 16, 2005):
------ Forwarded Message From: Rodney Joffe <rjoffe () centergate com> Date: Wed, 16 Feb 2005 07:36:36 -0700 To: Dave Farber <dave () farber net> Subject: SHA-1 cracked? For IP Hi Dave, Bruce Schneier is reporting in his blog that SHA-1 appears to have been broken by a Chinese group, and that is has collisions "in the the full
SHA-1
in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length.". This could have non-trivial implications for many current commercial operations. http://www.schneier.com/blog/archives/2005/02/sha1_broken.html Rodney Joffe Chairman and CTO UltraDNS Corporation ------ End of Forwarded Message ------------------------------------- You are subscribed as vwelch () ncsa uiuc edu To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at:
http://www.interesting-people.org/archives/interesting-people/ ------ End of Forwarded Message ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on SHA-1 cracked? David Farber (Feb 16)