[Cryptography] Collisions w/SHA-1 ~$100,000 TODAY
Philipp Jovanovic
philipp at jovanovic.io
Sat Oct 10 12:06:19 EDT 2015
> Can anyone provide a pointy-eared boss description of what a *freestart* collision is?
The input to the inner layer of a hash function based on the Merkle-Damgard construction (which is used by SHA1) are
- a message block and
- a chaining value.
For the first block there is no previous chaining value though and thus a fixed initialisation vector (IV) is used.
In a freestart collision an attacker can choose the IV.
That’s it.
All the best,
Philipp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151010/b8d44d73/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151010/b8d44d73/attachment.sig>
More information about the cryptography
mailing list