[16915] in cryptography@c2.net mail archive
Re: SHA-1 cracked
daemon@ATHENA.MIT.EDU (Alexandre Dulaunoy)
Thu Feb 17 07:55:34 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 16 Feb 2005 15:14:02 +0100 (CET)
From: Alexandre Dulaunoy <adulau@foo.be>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: cryptography@metzdowd.com
In-Reply-To: <20050216042943.1BA4F3C03BD@berkshire.machshav.com>
On Tue, 15 Feb 2005, Steven M. Bellovin wrote:
> According to Bruce Schneier's blog
> (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a
> team has found collisions in full SHA-1. It's probably not a practical
> threat today, since it takes 2^69 operations to do it and we haven't
> heard claims that NSA et al. have built massively parallel hash
> function collision finders, but it's an impressive achievement
> nevertheless -- especially since it comes just a week after NIST stated
> that there were no successful attacks on SHA-1.
and what about HMAC-SHA1 ? Is it reducing the operation required by
the same factor or as the structure of HMAC is so different that the
attack is very unlikely to be practical ?
--
-- Alexandre Dulaunoy (adulau) -- http://www.foo.be/
-- http://pgp.ael.be:11371/pks/lookup?op=get&search=0x44E6CBCD
-- "Knowledge can create problems, it is not through ignorance
-- that we can solve them" Isaac Asimov
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
