SHA-1 cracked

Dan Kaminsky dan at doxpara.com
Wed Feb 16 17:16:36 EST 2005


It is worth emphasizing that, as a 2^69 attack, we're not going to be
getting test vectors out of Wang.  After all, if she had 2^69
computation available, she wouldn't have needed to attack MD5; she could
have just brute forced it in 2^64.

This means the various attacks in the MD5 Someday paper aren't going to
cross over to SHA-1, i.e. don't expect these anytime soon for SHA-1.

    http://www.doxpara.com/t1.html
    http://www.doxpara.com/t2.html

--Dan

Steven M. Bellovin wrote:

>According to Bruce Schneier's blog 
>(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a 
>team has found collisions in full SHA-1.  It's probably not a practical 
>threat today, since it takes 2^69 operations to do it and we haven't 
>heard claims that NSA et al. have built massively parallel hash 
>function collision finders, but it's an impressive achievement 
>nevertheless -- especially since it comes just a week after NIST stated 
>that there were no successful attacks on SHA-1.
>
>		--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
>
>
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>  
>


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list