Can you keep a secret? This encrypted drive can...
Greg Rose
ggr at qualcomm.com
Thu Nov 9 00:39:28 EST 2006
>At 17:58 -0500 2006/11/08, Leichter, Jerry wrote:
>No, SHA-1 is holding on (by a thread) because of differences in the
>details of the algorithm - details it shares with SHA-256. I
>don't think anyone will seriously argue that if SHA-1 is shown to
>be as vulnerable as we now know MD5 to be, then SHA-256 can still
>be taken to be safe for more than a fairly short time.
Hmm, I disagree with this. Firstly, I don't think SHA-1 *is* holding
on... while we don't have an example collision yet, there is no real
doubt that one can be found in about 2^64 operations, which is less
than the required 2^80. And SHA-2 does have a significantly different
design in one area; the data expansion part is much stronger than
SHA-1's, and almost certainly defeats the Wang-style attacks. Our
paper on eprint gives some justification for why SHA-2 would appear
to be resistant to these kinds of attacks.
Greg.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
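
Added example (not part of the original post or of the eprint paper it mentions): the message expansions of SHA-1 and SHA-256 as specified in FIPS 180-4, side by side, showing that SHA-1's expansion is linear over XOR while SHA-256's is not. The blocks A, B, ZERO and BASE are constructed sample inputs, and the helper names are this example's own.

```python
# Added illustration: message expansion of SHA-1 vs SHA-256 (FIPS 180-4).
M32 = 0xFFFFFFFF

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & M32

def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & M32

def sha1_expand(block):
    """16 message words -> 80 schedule words; only XOR and a 1-bit rotate."""
    w = list(block)
    for t in range(16, 80):
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    return w

def sha256_expand(block):
    """16 message words -> 64 schedule words; sigma mixing plus addition mod 2^32."""
    w = list(block)
    for t in range(16, 64):
        x, y = w[t - 15], w[t - 2]
        s0 = rotr(x, 7) ^ rotr(x, 18) ^ (x >> 3)
        s1 = rotr(y, 17) ^ rotr(y, 19) ^ (y >> 10)
        w.append((s1 + w[t - 7] + s0 + w[t - 16]) & M32)
    return w

def xor_blocks(a, b):
    return [x ^ y for x, y in zip(a, b)]

def is_xor_linear(expand, a, b):
    """True if expand(a ^ b) == expand(a) ^ expand(b) for this pair."""
    return expand(xor_blocks(a, b)) == xor_blocks(expand(a), expand(b))

def diff_weight(expand, base, delta):
    """Number of schedule bits that change when delta is XORed into base."""
    d = xor_blocks(expand(base), expand(xor_blocks(base, delta)))
    return sum(bin(x).count("1") for x in d)

# Constructed sample inputs (not real message data).
A = [1] + [0] * 15               # only bit 0 of word 0 set
B = [0] * 9 + [1] + [0] * 6      # only bit 0 of word 9 set
ZERO = [0] * 16
BASE = [(0x9E3779B9 * (i + 1)) & M32 for i in range(16)]

if __name__ == "__main__":
    for name, f in (("SHA-1", sha1_expand), ("SHA-256", sha256_expand)):
        print(name, "XOR-linear on (A, B):", is_xor_linear(f, A, B),
              "| bits changed by A over ZERO / BASE:",
              diff_weight(f, ZERO, A), diff_weight(f, BASE, A))
```

Because the SHA-1 expansion is linear, the schedule difference caused by a given message difference is the same for every message; in SHA-256 the modular additions make it depend on the message through carries.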