[16916] in cryptography@c2.net mail archive
Re: SHA-1 cracked
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Thu Feb 17 07:56:30 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Alexandre Dulaunoy <adulau@foo.be>
Cc: cryptography@metzdowd.com
In-Reply-To: Your message of "Wed, 16 Feb 2005 15:14:02 +0100."
<Pine.LNX.4.44.0502161506310.23328-100000@gilmore.ael.be>
Date: Wed, 16 Feb 2005 09:24:57 -0500
In message <Pine.LNX.4.44.0502161506310.23328-100000@gilmore.ael.be>, Alexandre
Dulaunoy writes:
>On Tue, 15 Feb 2005, Steven M. Bellovin wrote:
>
>> According to Bruce Schneier's blog
>> (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a
>> team has found collisions in full SHA-1. It's probably not a practical
>> threat today, since it takes 2^69 operations to do it and we haven't
>> heard claims that NSA et al. have built massively parallel hash
>> function collision finders, but it's an impressive achievement
>> nevertheless -- especially since it comes just a week after NIST stated
>> that there were no successful attacks on SHA-1.
>
>and what about HMAC-SHA1 ? Is it reducing the operation required by
>the same factor or as the structure of HMAC is so different that the
>attack is very unlikely to be practical ?
>
As the blog entry mentions, it's it's unlikely that SHA-1 is affected.
That said, the attack merits close attention; as Schneier has noted in
other contexts, attacks always get better, never worse.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
