PeOfEo
02-15-2005, 09:51 PM
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
Click to See Complete Forum and Search --> : sha-1 broken
Stephen Philbin
02-17-2005, 06:15 AM
Comments
Hi Ian,
Nice to be in contact again after all those years! Just read your blog entry on the reported SHA-I attack. While I have not yet had the time myself to read the paper and Bruce's report (so little time, so much work!), the following (e-mail) word just reached me from McGill five minutes ago: "it seems that Schneier forgot to mention that the paper has a footnote which says that the attack on full SHA-1 only works if some padding (which SHA-1 requires) is not done."
Stefan
www.idcorner.org
Posted by: Stefan at February 16, 2005 04:33 PM
Still one to watch though. That's a new bookmark.
Hi Ian,
Nice to be in contact again after all those years! Just read your blog entry on the reported SHA-I attack. While I have not yet had the time myself to read the paper and Bruce's report (so little time, so much work!), the following (e-mail) word just reached me from McGill five minutes ago: "it seems that Schneier forgot to mention that the paper has a footnote which says that the attack on full SHA-1 only works if some padding (which SHA-1 requires) is not done."
Stefan
www.idcorner.org
Posted by: Stefan at February 16, 2005 04:33 PM
Still one to watch though. That's a new bookmark.
Jeff Mott
02-26-2005, 02:16 PM
Also of interest in regards to SHA-1's relative security:
"In academic cryptography, any attack that has less computational complexity than the expected time needed for brute force is considered a break."
"Even with this new attack, SHA-1 is still more secure than MD5 ever was. A brute force collision attack against MD5 takes only 2^64 operations, less than the 2^69 operations claimed by the unpublished attack. Keep in mind that MD5 has also been cracked, so the difference between MD5 and SHA-1 is actually far greater."
So what this attack really means:
"In terms of practical security, the major concern about this new attack is that it might pave the way to more efficient attacks. Whether this is the case has yet to be seen."
Never the less, it may be a good idea to make the transition to a stronger hash now so that you are not in a hurried panic if a truly practical break does come through.
"In academic cryptography, any attack that has less computational complexity than the expected time needed for brute force is considered a break."
"Even with this new attack, SHA-1 is still more secure than MD5 ever was. A brute force collision attack against MD5 takes only 2^64 operations, less than the 2^69 operations claimed by the unpublished attack. Keep in mind that MD5 has also been cracked, so the difference between MD5 and SHA-1 is actually far greater."
So what this attack really means:
"In terms of practical security, the major concern about this new attack is that it might pave the way to more efficient attacks. Whether this is the case has yet to be seen."
Never the less, it may be a good idea to make the transition to a stronger hash now so that you are not in a hurried panic if a truly practical break does come through.
PeOfEo
02-26-2005, 02:58 PM
This break does not make sha-1 really bad to use, but once there has been a break that leads to further breaks.
webdeveloper.com
Copyright Internet.com Inc., All Rights Reserved.
Copyright Internet.com Inc., All Rights Reserved.