Re: SHA-1 broken

To: Gadi Evron <gadi@xxxxxxxxxxxxx>
Subject: Re: SHA-1 broken
From: Robert Sussland <robert@xxxxxxxxxxx>
Date: Wed, 16 Feb 2005 17:25:06 -0800
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <421342FB.2040302@xxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <421342FB.2040302@xxxxxxxxxxxxx>


On Feb 16, 2005, at 4:56 AM, Gadi Evron wrote:

Now, we've all seen this coming for a while.
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

Where do we go from here?

We abandon the requirement of collision resistance. This is a strangerequirement, and is not supported by experience. Collision resistanceis not a "hard" problem in the sense that factoring large numbers orcomputing discrete logs is hard. Collision resistance in deterministichash functions smells too much like generating entropy without secrets.I have no reason to believe that careful analysis of *any* publiclyknown deterministic many-to-one function will not allow me to produce acollision, assuming I control all inputs into the function.

From my point of view, the issue is what weaker assumption do wereplace collision resistance with -- how about:

target collision resistance, with the "strength" of resistance equal tothe average advantage an attacker would gain in matching a fixedtarget, as the target is averaged over all possible inputs in a measurespace? Then, producing "rare" messages which could be targeted wouldnot weaken the hash, as the probability of such messages occurringwould be low.

Follow-Ups:
- Re: SHA-1 broken
  - From: dullien

References:
- SHA-1 broken
  - From: Gadi Evron

Prev by Date: RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Next by Date: Re: SHA-1 broken
Previous by thread: Re: SHA-1 broken
Next by thread: Re: SHA-1 broken
Index(es):
- Date
- Thread