On hash breaks, was Re: First quantum crypto bank transfer

Joseph Ashwood ashwood at msn.com
Sun Aug 22 16:42:03 EDT 2004


Since the rest has been covered quite well, I will instead focus on the 
comparison of AES and SHA-0, RIPEM, MD5, etc.

----- Original Message ----- 
From: "Jerrold Leichter" <jerrold.leichter at smarts.com>
Subject: Re: First quantum crypto bank transfer


> Alternatively, how anyone can have absolute confidence in conventional crypto
> in a week when a surprise attack appears against a widely-fielded primitive
> like MD5 is beyond me.  Is our certainty about AES's security really any
> better today than was our certainty about RIPEM - or even SHA-0 - was three
> weeks ago?
> -- Jerry

Actually, for years the cryptography community has been saying "retire MD5"; 
SHA-0 has been required to be replaced by SHA-1 for some time; and the RIPEM 
series is, functionally speaking, unused and represented the only real 
surprise. Except for RIPEM, there were known to be reasons for this: MD5 was 
known to be flawed, and SHA-0 was replaced because it was flawed (although 
knowledge of the nature of the flaw was hidden). Even with RIPEM (and SHA-1, 
for the same reason), I have plans in place (and have had for some time) to 
move away from 160-bit hashes to larger ones, so the attack on RIPEM had 
little effect on me and my clients; even a full attack on SHA-1 would have 
little effect on the clients that actually listen (they all have backup 
plans that involve the rest of the SHA series and, at the very least, 
Whirlpool).

So basically I encourage my clients to maintain good business practices, 
which means that they don't need to have belief in the long-term security of 
AES, or SHA-1, or RSA, or ......... This is just good business, and it is a 
process that evolved to deal with similar circumstances.
                Joe


Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
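The backup plan the post describes, stored digests tagged with their algorithm so that old MD5/SHA-1 values still verify but are re-hashed under a larger SHA-2 member and nothing new is created under a retired algorithm, as an added example in Python; this is not code from the post or the list, and the policy sets, function names and the sample b"hello" records are assumptions constructed for the illustration.

```python
import hashlib
import hmac

# Policy sets for this constructed example. "Approved" algorithms may be used
# for new digests; "deprecated" ones are still verified while stored values
# are migrated, but may not be used to create anything new. Any other tag
# (e.g. one for the withdrawn SHA-0) is refused outright.
APPROVED = {"sha256", "sha512"}
DEPRECATED = {"md5", "sha1"}


def make_digest(data: bytes, alg: str = "sha256") -> str:
    """Return an algorithm-tagged digest of the form 'alg:hex'."""
    if alg not in APPROVED:
        raise ValueError(f"{alg} is not approved for new digests")
    return f"{alg}:{hashlib.new(alg, data).hexdigest()}"


def verify(data: bytes, tagged: str) -> tuple[bool, bool]:
    """Check data against a tagged digest.

    Returns (matches, needs_upgrade). A matching value under a deprecated
    algorithm is reported as needing re-hashing.
    """
    alg, sep, hexd = tagged.partition(":")
    if not sep or alg not in APPROVED | DEPRECATED:
        return False, False
    expected = hashlib.new(alg, data).hexdigest()
    ok = hmac.compare_digest(expected, hexd)  # constant-time comparison
    return ok, ok and alg in DEPRECATED


def migrate(data: bytes, tagged: str) -> str:
    """Re-tag a verified legacy digest under the current default algorithm."""
    ok, needs_upgrade = verify(data, tagged)
    if not ok:
        raise ValueError("digest does not verify; refusing to migrate")
    return make_digest(data) if needs_upgrade else tagged


# Constructed sample records: stored digests of b"hello" under old algorithms.
LEGACY = [
    "md5:5d41402abc4b2a76b9719d911017c592",
    "sha1:aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d",
]

if __name__ == "__main__":
    for tagged in LEGACY:
        print(tagged, "->", migrate(b"hello", tagged))
```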