SHA-1 cracked

Ian G iang at systemics.com
Wed Feb 16 17:33:06 EST 2005


Steven M. Bellovin wrote:

>According to Bruce Schneier's blog 
>(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a 
>team has found collisions in full SHA-1.  It's probably not a practical 
>threat today, since it takes 2^69 operations to do it and we haven't 
>heard claims that NSA et al. have built massively parallel hash 
>function collision finders, but it's an impressive achievement 
>nevertheless -- especially since it comes just a week after NIST stated 
>that there were no successful attacks on SHA-1.

Stefan Brands just posted on my blog (and I saw
reference to this in other blogs, posted anon)
saying that "it seems that Schneier forgot to
mention that the paper has a footnote which
says that the attack on full SHA-1 only works
if some padding (which SHA-1 requires) is not
done."

http://www.financialcryptography.com/mt/archives/000355.html


I think this might be an opportune time to introduce a
new way of looking at algorithms.  I've written it up
in draft (excuse the Post-it notes):

http://iang.org/papers/pareto_secure.html

In short, what I do is apply the concepts of the econ
theory of "Pareto efficiency" to the metric of security.
This allows a definition of what we mean by "secure"
which is quite close to colloquial usage;  in the
language so introduced, I'd suggest that SHA-1 used
to be Pareto-complete, and is now Pareto-secure for
certain applications.  I have a little table down
the end that now needs to be updated!

Comments welcome, it is neither a long nor a mathematical
paper!  Some small consolation for those not at the
RSA conference.

iang

-- 
News and views on what matters in finance+crypto:
        http://financialcryptography.com/


---------------------------------------------------------------------
The Cryptography Mailing List