Re: SHA-1 broken

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: SHA-1 broken
From: Tollef Fog Heen <tfheen@xxxxxx>
Date: Sat, 19 Feb 2005 14:22:12 +0100
In-reply-to: <011401c51541$fdafedb0$0400a8c0@p14n> (dullien@xxxxxx's message of "Thu, 17 Feb 2005 14:42:40 -0800")
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mail-copies-to: never
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Private
References: <421342FB.2040302@xxxxxxxxxxxxx> <afe9143f566f6c72bc02940bdc7a2a29@xxxxxxxxxxx> <011401c51541$fdafedb0$0400a8c0@p14n>
User-agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)

* 

| Hey all,
| 
| > We abandon the requirement of collision resistance. This is a
| > strange requirement, and is not supported by experience. Collision
| > resistance
| 
| we might think of changing the requirement of collision resistance
| to "collision resistance in input data that is valid ASCII text". The
| attacks on MD5 used the weak avalanche of the highest-order bit
| in 32-bit words for producing the collision, basically precluding the
| possibility of generating colliding ASCII text.

That's not really useful is you want to sign something in non-English
languages.  Valid UTF8 might be a decent requirement, though.

-- 
Tollef Fog Heen                                                        ,''`.
UNIX is user friendly, it's just picky about who its friends are      : :' :
                                                                      `. `' 
                                                                        `-

Follow-Ups:
- Re: SHA-1 broken
  - From: Denis Jedig

References:
- SHA-1 broken
  - From: Gadi Evron
- Re: SHA-1 broken
  - From: Robert Sussland
- Re: SHA-1 broken
  - From: dullien

Prev by Date: Re: Possible phpBB <=2.0.11 bug or sql injection?
Next by Date: Re: Combining Hashes
Previous by thread: Re: SHA-1 broken
Next by thread: Re: SHA-1 broken
Index(es):
- Date
- Thread