SHA-1 cracked
Dan Kaminsky
dan at doxpara.com
Wed Feb 16 17:16:36 EST 2005
It is worth emphasizing that, as a 2^69 attack, we're not going to be
getting test vectors out of Wang. After all, if she had 2^69
computation available, she wouldn't have needed to attack MD5; she could
have just brute forced it in 2^64.
This means the various attacks in the MD5 Someday paper aren't going to
cross over to SHA-1, i.e. don't expect these anytime soon for SHA-1.
http://www.doxpara.com/t1.html
http://www.doxpara.com/t2.html
--Dan
Steven M. Bellovin wrote:
>According to Bruce Schneier's blog
>(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a
>team has found collisions in full SHA-1. It's probably not a practical
>threat today, since it takes 2^69 operations to do it and we haven't
>heard claims that NSA et al. have built massively parallel hash
>function collision finders, but it's an impressive achievement
>nevertheless -- especially since it comes just a week after NIST stated
>that there were no successful attacks on SHA-1.
>
> --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
>
>
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list