switching from SHA-1 to Tiger ?

[Mads Rasmussen]

Maybe you haven't heard but Tiger is being analysed against collision attack

At FSE 2006 Kelsey and Stefan Lucks presented a paper on Tiger

John Kelsey, Stefan Lucks:  Collisions and Near-Collisions for 
Reduced-Round Tiger, Preproceedings of FSE 2006.

Abstract:
We describe a collision-finding attack on 16 rounds of the Tiger hash 
function requiring the time for about 2^44 compression function 
invocations. Another attack generates pseudo-near collisions, but for 20 
rounds of Tiger with work less than that of 2^48 compression function 
invocations. Since Tiger has only 24 rounds, these attacks may raise 
some questions about the security of Tiger. In developing these attacks, 
we adapt the ideas of message modification attacks and neutral bits, 
developed in the analysis of MD4 family hashes, to a completely 
different hash function design.

The paper is available via 
http://th.informatik.uni-mannheim.de/people/lucks/papers/Tiger_FSE_v10.pdf

Greetings,

Mads

Zooko O'Whielacronx wrote:
> Thanks for the news about the planned NIST-sponsored hash function 
> competition.  I'm glad to hear that it is in the works.
>
> Yesterday I profiled my on-line data backup application [1] and 
> discovered that for certain operations one third of the time is spent 
> in SHA-1.  For that reason, I've been musing about the possibility of 
> switching away from SHA-1.  Not to SHA-256 or SHA-512, but to Tiger.


-- 
Mads Rasmussen
LEA - Laboratório de Ensaios e Auditoria
ICP-Brasil   
(Brazilian PKI Cryptographic Certification Laboratory)
Office: +55 11 4208 3873
Mobile: +55 11 9655 8885
Skype: mads_work
http://www.lea.gov.br
    


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com