[16922] in cryptography@c2.net mail archive
Re: SHA-1 cracked
daemon@ATHENA.MIT.EDU (Dan Kaminsky)
Thu Feb 17 08:04:06 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 16 Feb 2005 14:16:36 -0800
From: Dan Kaminsky <dan@doxpara.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: cryptography@metzdowd.com
In-Reply-To: <20050216042943.1BA4F3C03BD@berkshire.machshav.com>
It is worth emphasizing that, as a 2^69 attack, we're not going to be
getting test vectors out of Wang. After all, if she had 2^69
computation available, she wouldn't have needed to attack MD5; she could
have just brute forced it in 2^64.
This means the various attacks in the MD5 Someday paper aren't going to
cross over to SHA-1, i.e. don't expect these anytime soon for SHA-1.
http://www.doxpara.com/t1.html
http://www.doxpara.com/t2.html
--Dan
Steven M. Bellovin wrote:
>According to Bruce Schneier's blog
>(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a
>team has found collisions in full SHA-1. It's probably not a practical
>threat today, since it takes 2^69 operations to do it and we haven't
>heard claims that NSA et al. have built massively parallel hash
>function collision finders, but it's an impressive achievement
>nevertheless -- especially since it comes just a week after NIST stated
>that there were no successful attacks on SHA-1.
>
> --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
>
>
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
>
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
