Steven M. Bellovin wrote:
> According to Bruce Schneier's blog
> (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a
> team has found collisions in full SHA-1. It's probably not a practical
> threat today, since it takes 2^69 operations to do it and we haven't
> heard claims that NSA et al. have built massively parallel hash
> function collision finders, but it's an impressive achievement
> nevertheless -- especially since it comes just a week after NIST stated
> that there were no successful attacks on SHA-1.
Stefan Brands just posted on my blog (and I saw
reference to this in other blogs, posted anon)
saying that "it seems that Schneier forgot to
mention that the paper has a footnote which
says that the attack on full SHA-1 only works
if some padding (which SHA-1 requires) is not
done."
http://www.financialcryptography.com/mt/archives/000355.html
I think this might be an opportune time to introduce a
new way of looking at algorithms. I've written it up
in draft (excuse the post-it notes):
http://iang.org/papers/pareto_secure.html
In short, what I do is apply the concepts of the econ
theory of "Pareto efficiency" to the metric of security.
This allows a definition of what we mean by "secure"
which is quite close to colloquial usage; in the
language so introduced, I'd suggest that SHA-1 used
to be Pareto-complete, and is now Pareto-secure for
certain applications. I have a little table down
the end that now needs to be updated!
Comments welcome; it is neither a long nor a mathematical
paper! Some small consolation for those not at the
RSA conference.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
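The padding footnote that Brands points to is easier to reason about with the actual padding rule in front of you. The following is an added example written for this page, not code from the email, from Schneier's post or from the Wang et al. paper; it implements SHA-1 from FIPS 180-4 with the padding step and the compression function separated, checks the full hash against Python's hashlib, and exposes a "whole blocks, no padding" variant so the difference between hashing the padded message and iterating the compression function over raw blocks (the object a compression-function collision targets) is concrete. The boundary lengths 55 and 56 bytes are where the padding grows from one block to two.

```python
import hashlib
import struct

# SHA-1 initial chaining value (FIPS 180-4, section 5.3.1)
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
MASK = 0xFFFFFFFF


def rotl(x: int, n: int) -> int:
    """32-bit left rotation."""
    return ((x << n) | (x >> (32 - n))) & MASK


def sha1_pad(message: bytes) -> bytes:
    """Merkle-Damgard padding: a single 0x80 byte, zeros up to 56 mod 64,
    then the original length in bits as a 64-bit big-endian integer.
    This is the padding the footnote says the attack does not cover."""
    bit_len = len(message) * 8
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    padded += struct.pack(">Q", bit_len)
    assert len(padded) % 64 == 0
    return padded


def sha1_compress(state, block: bytes):
    """One application of the SHA-1 compression function to a 64-byte block."""
    assert len(block) == 64
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):  # message schedule expansion
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = state
    for t in range(80):
        if t < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        temp = (rotl(a, 5) + f + e + k + w[t]) & MASK
        a, b, c, d, e = temp, a, rotl(b, 30), c, d
    # Davies-Meyer feed-forward: add the round output to the incoming state
    return tuple((x + y) & MASK for x, y in zip(state, (a, b, c, d, e)))


def sha1_digest(message: bytes) -> bytes:
    """Full SHA-1: pad, then iterate the compression function over every block."""
    padded = sha1_pad(message)
    state = IV
    for i in range(0, len(padded), 64):
        state = sha1_compress(state, padded[i:i + 64])
    return struct.pack(">5I", *state)


def sha1_unpadded_blocks(message: bytes) -> bytes:
    """Iterate the compression function over whole 64-byte blocks with NO padding.
    A collision found for this function is a collision of the raw iterated
    compression function; the real hash appends a length-bearing padding block."""
    assert len(message) % 64 == 0
    state = IV
    for i in range(0, len(message), 64):
        state = sha1_compress(state, message[i:i + 64])
    return struct.pack(">5I", *state)


def matches_hashlib(message: bytes) -> bool:
    """Cross-check this implementation against the standard library."""
    return sha1_digest(message) == hashlib.sha1(message).digest()


if __name__ == "__main__":
    for m in (b"", b"abc", b"a" * 55, b"a" * 56, b"a" * 64):
        print(len(m), len(sha1_pad(m)), matches_hashlib(m))
    # Same 64 input bytes, different results: the padded hash processes a second block.
    print(sha1_digest(b"a" * 64).hex())
    print(sha1_unpadded_blocks(b"a" * 64).hex())
```

For a 64-byte input the two functions disagree because the real hash runs the compression function a second time over the padding block that carries the message length; that is the gap between "collisions in the compression function" and "collisions in SHA-1 as specified" that the footnote is about.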