Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on SHA-1 cracked?

From: David Farber <dave () farber net>
Date: Wed, 16 Feb 2005 12:27:29 -0500

------ Forwarded Message
From: Dan Steinberg <synthesis () videotron ca>
Date: Wed, 16 Feb 2005 12:10:39 -0500
To: <dave () farber net>
Subject: Re: [IP] more on SHA-1 cracked?

given the pace that  processing power increases and
given the improvements in p2p processing efforts and
given that anyone who has to 'fix' something needs to spend time
researching and implementing whatever changes are required to retire
SHA-1 and replace it with....{something better}

shouldnt this be a massive warning to start  'now'?
Just because its not broke today, who can fix it in time and do proper
testing instantly?

Dan Steinberg

SYNTHESIS:Law & Technology
35, du Ravin  phone: (613) 794-5356
Chelsea, Quebec   
J9B 1N1                 e-mail:synthesis () videotron ca


David Farber wrote:


------ Forwarded Message
From: Von Welch <vwelch () ncsa uiuc edu>
Date: Wed, 16 Feb 2005 09:45:28 -0600
To: <dave () farber net>
Subject: Re: [IP] SHA-1 cracked?


Dave,

Before spreading too much concern over SHA-1 being cracked, please
read Steve Bellovin's note below. Folks need to understand the
what "cracked" or "broken" means to cryptographers; this doesn't
necessarily have immediate implications for the world in practice.

Von

------- start of forwarded message -------
Delivered-To: cryptography () metzdowd com
From: "Steven M. Bellovin" <smb () cs columbia edu>
To: cryptography () metzdowd com
Subject: SHA-1 cracked
Date: Tue, 15 Feb 2005 23:29:43 -0500

According to Bruce Schneier's blog
(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a
team has found collisions in full SHA-1.  It's probably not a practical
threat today, since it takes 2^69 operations to do it and we haven't
heard claims that NSA et al. have built massively parallel hash
function collision finders, but it's an impressive achievement
nevertheless -- especially since it comes just a week after NIST stated
that there were no successful attacks on SHA-1.

 --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb



---------------------------------------------------------------------

David Farber writes (10:21 February 16, 2005):


------ Forwarded Message
From: Rodney Joffe <rjoffe () centergate com>
Date: Wed, 16 Feb 2005 07:36:36 -0700
To: Dave Farber <dave () farber net>
Subject: SHA-1 cracked?

For IP

Hi Dave,

Bruce Schneier is reporting in his blog that SHA-1 appears to have been
broken by a Chinese group, and that is has collisions "in the the full

SHA-1

in 2**69 hash operations, much less than the brute-force attack of 2**80
operations based on the hash length.".

This could have non-trivial implications for many current commercial
operations.

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

Rodney Joffe
Chairman and CTO
UltraDNS Corporation





------ End of Forwarded Message







 



-- 
Dan Steinberg

SYNTHESIS:Law & Technology
35, du Ravin  phone: (613) 794-5356
Chelsea, Quebec   
J9B 1N1                 e-mail:synthesis () videotron ca


------ End of Forwarded Message


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: