[IP] One cryptographer's perspective on the SHA-1 result

James A. Donald jamesd at echeque.com
Fri Mar 4 17:23:16 EST 2005

On 23 Feb 2005 at 21:37, Steven M. Bellovin wrote:
> I don't know if there's quite the need for open process for a
> hash function as there was for a secrecy algorithm.  The AES
> process, after all, had to cope with the legacy of Clipper
> and key escrow, to say nothing of the 25 years of DES
> paranoia that was only laid to rest by the reinvention of
> differential cryptanalysis.  (The Deep Crack machine only
> confirmed another part of the paranoia, of course, but the
> essential parameter it exploited -- key size -- was both
> obviously insufficient in 1979 and obviously sufficient from
> the requirements of the AES competition.)  It is clear, as
> Burt said, that we need a large-scale effort to produce new
> and better hash functions.  To try to repair the MD*/SHA*
> family is to risk the cry of "epicycles".

The attacks on MD*/SHA* are weak and esoteric.  It is not so
fundamentally broken as to justify starting over. 

         James A. Donald

The Cryptography Mailing List