[IP] more on SHA-1 cracked?
------ Forwarded Message
From: Dan Steinberg <synthesis@xxxxxxxxxxxx>
Date: Wed, 16 Feb 2005 12:10:39 -0500
To: <dave@xxxxxxxxxx>
Subject: Re: [IP] more on SHA-1 cracked?
given the pace that processing power increases and
given the improvements in p2p processing efforts and
given that anyone who has to 'fix' something needs to spend time
researching and implementing whatever changes are required to retire
SHA-1 and replace it with....{something better}
shouldnt this be a massive warning to start 'now'?
Just because its not broke today, who can fix it in time and do proper
testing instantly?
Dan Steinberg
SYNTHESIS:Law & Technology
35, du Ravin phone: (613) 794-5356
Chelsea, Quebec
J9B 1N1 e-mail:synthesis@xxxxxxxxxxxx
David Farber wrote:
>------ Forwarded Message
>From: Von Welch <vwelch@xxxxxxxxxxxxx>
>Date: Wed, 16 Feb 2005 09:45:28 -0600
>To: <dave@xxxxxxxxxx>
>Subject: Re: [IP] SHA-1 cracked?
>
>
>Dave,
>
> Before spreading too much concern over SHA-1 being cracked, please
>read Steve Bellovin's note below. Folks need to understand the
>what "cracked" or "broken" means to cryptographers; this doesn't
>necessarily have immediate implications for the world in practice.
>
>Von
>
>------- start of forwarded message -------
>Delivered-To: cryptography@xxxxxxxxxxxx
>From: "Steven M. Bellovin" <smb@xxxxxxxxxxxxxxx>
>To: cryptography@xxxxxxxxxxxx
>Subject: SHA-1 cracked
>Date: Tue, 15 Feb 2005 23:29:43 -0500
>
>According to Bruce Schneier's blog
>(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a
>team has found collisions in full SHA-1. It's probably not a practical
>threat today, since it takes 2^69 operations to do it and we haven't
>heard claims that NSA et al. have built massively parallel hash
>function collision finders, but it's an impressive achievement
>nevertheless -- especially since it comes just a week after NIST stated
>that there were no successful attacks on SHA-1.
>
> --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
>
>
>
>---------------------------------------------------------------------
>
>David Farber writes (10:21 February 16, 2005):
> >
> > ------ Forwarded Message
> > From: Rodney Joffe <rjoffe@xxxxxxxxxxxxxx>
> > Date: Wed, 16 Feb 2005 07:36:36 -0700
> > To: Dave Farber <dave@xxxxxxxxxx>
> > Subject: SHA-1 cracked?
> >
> > For IP
> >
> > Hi Dave,
> >
> > Bruce Schneier is reporting in his blog that SHA-1 appears to have been
> > broken by a Chinese group, and that is has collisions "in the the full
>SHA-1
> > in 2**69 hash operations, much less than the brute-force attack of 2**80
> > operations based on the hash length.".
> >
> > This could have non-trivial implications for many current commercial
> > operations.
> >
> > http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
> >
> > Rodney Joffe
> > Chairman and CTO
> > UltraDNS Corporation
> >
> >
> >
> >
> >
> > ------ End of Forwarded Message
> >
> >
>
>
>
>
>
>
--
Dan Steinberg
SYNTHESIS:Law & Technology
35, du Ravin phone: (613) 794-5356
Chelsea, Quebec
J9B 1N1 e-mail:synthesis@xxxxxxxxxxxx
------ End of Forwarded Message
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/