[16910] in cryptography@c2.net mail archive
SHA-1 broken, says Schneier
daemon@ATHENA.MIT.EDU (Andy Isaacson)
Wed Feb 16 08:22:35 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 15 Feb 2005 18:56:05 -0800
From: Andy Isaacson <adi@hexapodia.org>
To: cryptography@metzdowd.com
>From Bruce Schneier's weblog:
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
# SHA-1 has been broken. Not a reduced-round version. Not a simplified
# version. The real thing.
#
# The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly
# from Shandong University in China) have been quietly circulating a paper
# announcing their results:
#
# * collisions in the the full SHA-1 in 2**69 hash operations, much
# * less than the brute-force attack of 2**80 operations based on the
# * hash length.
#
# * collisions in SHA-0 in 2**39 operations.
#
# * collisions in 58-round SHA-1 in 2**33 operations.
#
# This attack builds on previous attacks on SHA-0 and SHA-1, and is a
# major, major cryptanalytic result. This pretty much puts a bullet into
# SHA-1 as a hash function for digital signatures (although it doesn't
# affect applications such as HMAC).
#
# The paper isn't generally available yet. At this point I can't tell if
# the attack is real, but the paper looks good and this is a reputable
# research team.
This appears to be the same research team that published the MD5
collision technique back in August.
-andy
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
