Re: SHA-1 broken

To: dullien@xxxxxx
Subject: Re: SHA-1 broken
From: Darren Reed <avalon@xxxxxxxxxxxxxxxxxxx>
Date: Sun, 20 Feb 2005 04:24:17 +1100 (Australia/ACT)
Cc: robert@xxxxxxxxxxx (Robert Sussland), gadi@xxxxxxxxxxxxx (Gadi Evron), bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <011401c51541$fdafedb0$0400a8c0@p14n> from "dullien@xxxxxx" at Feb 17, 2005 02:42:40 PM
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In some mail from dullien@xxxxxx, sie said:
> 
> Hey all,
> 
> > We abandon the requirement of collision resistance. This is a strange 
> > requirement, and is not supported by experience. Collision resistance 
> 
> we might think of changing the requirement of collision resistance
> to "collision resistance in input data that is valid ASCII text". The
> attacks on MD5 used the weak avalanche of the highest-order bit
> in 32-bit words for producing the collision, basically precluding the
> possibility of generating colliding ASCII text.

And what about the case for (uncompressed) binary images ?

Darren

Follow-Ups:
- Re: SHA-1 broken
  - From: dullien

References:
- Re: SHA-1 broken
  - From: dullien

Prev by Date: Re: SHA-1 broken
Next by Date: Multiples vulnerability in ZeroBoard,
Previous by thread: Re: SHA-1 broken
Next by thread: Re: SHA-1 broken
Index(es):
- Date
- Thread