[16936] in cryptography@c2.net mail archive


Re: SHA-1 cracked

daemon@ATHENA.MIT.EDU (Ian G)
Tue Feb 22 11:35:15 2005

X-Original-To: cryptography@metzdowd.com
Date: Thu, 17 Feb 2005 15:28:29 +0000
From: Ian G <iang@systemics.com>
To: John Kelsey <kelsey.j@ix.netcom.com>
Cc: "Steven M. Bellovin" <smb@cs.columbia.edu>,
	cryptography@metzdowd.com
In-Reply-To: <18854796.1108653607492.JavaMail.root@bert.psp.pas.earthlink.net>

John Kelsey wrote:

>Anyone know where we could find the paper? It'd be kind of convenient when trying to assess the impact of the attack if we knew at least a few details....

The *words* part I typed in here:

http://www.financialcryptography.com/mt/archives/000357.html

I skipped the examples.  It is very brief.

>If it's really the case that the attack requires colliding messages of different sizes (that's what this comment implies), then maybe the attack won't be applicable in the real world, but it's hard to be sure of that. Suppose I can find collisions of the form (X,X*) where X is three blocks long, and X* is four blocks long. Now, that won't work as a full collision, because the length padding at the end will change for X and X*. But I can find two such collisions, and still get a working attack by concatenating them.

This is the relevant para:

"Table 2: A collision of SHA1 reduced to 58 steps. The two messages that 
collide are M0 and M'0. Note that padding rules were not applied to the 
messages."



iang

-- 
News and views on what matters in finance+crypto:
        http://financialcryptography.com/


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
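A toy illustration of the concatenation argument in the quoted paragraph, added here and not part of the original thread: a Merkle-Damgård hash with a constructed 16-bit state (the compression function, IV and padding rule are all made up for this example) in which a 3-block/4-block internal-state collision fails as a full collision because the length padding differs, while two such collisions chained together give equal-length messages that do collide under the full hash.

```python
"""Toy Merkle-Damgard hash (constructed for illustration only). The 16-bit
state, compression function and padding rule are deliberately weak so that
internal-state collisions can be found by brute force in well under a second."""
import random

MASK = 0xFFFF          # 16-bit chaining value (toy; SHA-1 uses 160 bits)
IV = 0x1234            # arbitrary constructed initial value

def compress(h: int, block: int) -> int:
    """Absorb one 1-byte block into the 16-bit chaining value."""
    h = ((h ^ block) * 0x9E37) & MASK
    h = ((h << 5) | (h >> 11)) & MASK
    return (h + block * 0x0101) & MASK

def chain(h: int, msg: bytes) -> int:
    """Iterate compress() over raw blocks with no padding applied."""
    for b in msg:
        h = compress(h, b)
    return h

def md_hash(msg: bytes) -> int:
    """Full hash: MD strengthening appends 0x80 and the 16-bit byte length."""
    return chain(IV, msg + b"\x80" + len(msg).to_bytes(2, "big"))

def rand_msg(rng: random.Random, n: int) -> bytes:
    return bytes(rng.getrandbits(8) for _ in range(n))

def find_collision(h, len_a, len_b, rng, tries=4000):
    """Find A (len_a blocks) and B (len_b blocks) with chain(h,A) == chain(h,B)."""
    seen = {chain(h, a): a for a in (rand_msg(rng, len_a) for _ in range(tries))}
    for _ in range(tries):
        b = rand_msg(rng, len_b)
        a = seen.get(chain(h, b))
        if a is not None:
            return a, b
    raise RuntimeError("no collision found; increase tries")

def kelsey_construction(seed=1):
    """Return (X, X*, X||Y, X*||Y*): the first pair collides only internally,
    the concatenated pair is a full collision because both are 7 blocks long."""
    rng = random.Random(seed)
    while True:
        x, xs = find_collision(IV, 3, 4, rng)       # 3 blocks vs 4 blocks
        if md_hash(x) != md_hash(xs):               # length padding breaks it
            break
    h1 = chain(IV, x)                               # shared internal state
    y, ys = find_collision(h1, 4, 3, rng)           # 4 blocks vs 3 blocks
    return x, xs, x + y, xs + ys
```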
