[IP] One cryptographer's perspective on the SHA-1 result
James A. Donald
jamesd at echeque.com
Fri Mar 4 17:23:16 EST 2005
--
On 23 Feb 2005 at 21:37, Steven M. Bellovin wrote:
> I don't know if there's quite the need for open process for a
> hash function as there was for a secrecy algorithm. The AES
> process, after all, had to cope with the legacy of Clipper
> and key escrow, to say nothing of the 25 years of DES
> paranoia that was only laid to rest by the reinvention of
> differential cryptanalysis. (The Deep Crack machine only
> confirmed another part of the paranoia, of course, but the
> essential parameter it exploited -- key size -- was both
> obviously insufficient in 1979 and obviously sufficient from
> the requirements of the AES competition.) It is clear, as
> Burt said, that we need a large-scale effort to produce new
> and better hash functions. To try to repair the MD*/SHA*
> family is to risk the cry of "epicycles".
The attacks on MD*/SHA* are weak and esoteric. It is not so
fundamentally broken as to justify starting over.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
QVYtFQAELN4YlZ9xB60CvXTqW8QT8rOABMbJrPXE
4hz2qo1jnDwc3tmFFeyh6lG9sOrXL1783FYSh2s+v
---------------------------------------------------------------------
The Cryptography Mailing List