collisions in 64 round variant of SHA-1 with 25% chosen plaintext

Travis H. solinym at
Thu Aug 24 20:25:11 EDT 2006

``Although the demonstration was restricted to the reduced SHA-1
variant in 64 steps, it can, according to the experts, also be
generalised to the standard 80 step variant. This means that SHA-1
must also be considered as cracked in principle. Christian Rechberger,
who developed the new attack together with his colleague Christophe De
Cannière, explained to heise Security that, in their experiments, up
to one quarter of the message could be freely selected. The remaining
75 percent is, as before, determined by the attack. Rechberger
suspects, however, that the amount that can be freely selected can be
further increased by optimising the attack.''
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list