[IP] more on SHA-1 cracked?

To: Ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] more on SHA-1 cracked?
From: David Farber <dave@xxxxxxxxxx>
Date: Wed, 16 Feb 2005 11:29:27 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx
User-agent: Microsoft-Entourage/11.1.0.040913

------ Forwarded Message
From: Von Welch <vwelch@xxxxxxxxxxxxx>
Date: Wed, 16 Feb 2005 09:45:28 -0600
To: <dave@xxxxxxxxxx>
Subject: Re: [IP] SHA-1 cracked?


Dave,

 Before spreading too much concern over SHA-1 being cracked, please
read Steve Bellovin's note below. Folks need to understand the
what "cracked" or "broken" means to cryptographers; this doesn't
necessarily have immediate implications for the world in practice.

Von

------- start of forwarded message -------
Delivered-To: cryptography@xxxxxxxxxxxx
From: "Steven M. Bellovin" <smb@xxxxxxxxxxxxxxx>
To: cryptography@xxxxxxxxxxxx
Subject: SHA-1 cracked
Date: Tue, 15 Feb 2005 23:29:43 -0500

According to Bruce Schneier's blog
(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a
team has found collisions in full SHA-1.  It's probably not a practical
threat today, since it takes 2^69 operations to do it and we haven't
heard claims that NSA et al. have built massively parallel hash
function collision finders, but it's an impressive achievement
nevertheless -- especially since it comes just a week after NIST stated
that there were no successful attacks on SHA-1.

  --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb



---------------------------------------------------------------------

David Farber writes (10:21 February 16, 2005):
 > 
 > ------ Forwarded Message
 > From: Rodney Joffe <rjoffe@xxxxxxxxxxxxxx>
 > Date: Wed, 16 Feb 2005 07:36:36 -0700
 > To: Dave Farber <dave@xxxxxxxxxx>
 > Subject: SHA-1 cracked?
 > 
 > For IP
 > 
 > Hi Dave,
 > 
 > Bruce Schneier is reporting in his blog that SHA-1 appears to have been
 > broken by a Chinese group, and that is has collisions "in the the full
SHA-1
 > in 2**69 hash operations, much less than the brute-force attack of 2**80
 > operations based on the hash length.".
 > 
 > This could have non-trivial implications for many current commercial
 > operations.
 > 
 > http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
 > 
 > Rodney Joffe
 > Chairman and CTO
 > UltraDNS Corporation
 > 
 > 
 > 
 > 
 > 
 > ------ End of Forwarded Message
 > 
 > 
 > -------------------------------------
 > You are subscribed as vwelch@xxxxxxxxxxxxx
 > To manage your subscription, go to
 >   http://v2.listbox.com/member/?listname=ip
 > 
 > Archives at: 
http://www.interesting-people.org/archives/interesting-people/

------ End of Forwarded Message


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] Laurels for Giving the Internet Its Language
Next by Date: [IP] more on SHA-1 cracked?
Previous by thread: [IP] SHA-1 cracked?
Next by thread: [IP] more on SHA-1 cracked?
Index(es):
- Date
- Thread