<div dir="ltr"><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 29, 2017 at 9:30 PM, Ben Laurie <span dir="ltr"><<a href="mailto:ben@links.org" target="_blank">ben@links.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On 29 June 2017 at 18:56, Phillip Hallam-Baker <span dir="ltr"><<a href="mailto:phill@hallambaker.com" target="_blank">phill@hallambaker.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div style="font-size:small"><br></div><div class="gmail_extra"><br><div class="gmail_quote"><span>On Wed, Jun 28, 2017 at 12:09 PM, Ron Garret <span dir="ltr"><<a href="mailto:ron@flownet.com" target="_blank">ron@flownet.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
On Jun 28, 2017, at 9:00 AM, Ron Garret <<a href="mailto:ron@flownet.com" target="_blank">ron@flownet.com</a>> wrote:<br>
<br>
> <a href="https://github.com/laie/WorldsFirstSha2Vulnerability" rel="noreferrer" target="_blank">https://github.com/laie/Worlds<wbr>FirstSha2Vulnerability</a><br>
<br>
Turns out to be a false alarm.<br>
<br>
<a href="https://crypto.stackexchange.com/questions/48580/fixed-point-of-the-sha-256-compression-function" rel="noreferrer" target="_blank">https://crypto.stackexchange.c<wbr>om/questions/48580/fixed-point<wbr>-of-the-sha-256-compression-fu<wbr>nction</a><br>
<br>
Oh well, learn something new every day.<br></blockquote><div><br></div></span><div style="font-size:small">I am confused. Since when did SHA-256 have an initialization vector?</div></div></div></div></blockquote><div><br></div></span><div>Since forever? But it is fixed.</div><div><br></div></div></div></div>
</blockquote></div><br></div><div class="gmail_extra"><div class="gmail_default" style="font-size:small">That's not something I think of as an IV because it is fixed. </div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">I was trying to work out how someone could have mistakenly thought that there was an issue or, for that matter, what the issue was.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Did I tell you about the time I broke 'MD5'? I was reading Bruce's book, trying to work out how the function worked and trying to solve it algorithmically and, to my great surprise, succeeding.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Turns out that the version in the first edition is wrong: it misses out a critical addition term that is the thing that makes everything go non-linear. Fortunately, I checked the RFC before going down the hall to ask Rivest. When I told him about it, his response was 'well those addition terms are very important'.</div></div><div class="gmail_extra"><br></div></div>