On 2009 Apr 30, at 4:31 , Perry E. Metzger wrote:
Eric Rescorla <[email protected]> writes:
McDonald, Hawkes and Pieprzyk claim that they have reduced the collision strength of SHA-1 to 2^{52}.
Slides here:
http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
Thanks to Paul Hoffman for pointing me to this.
This is a very important result. The need to transition from SHA-1 is no longer theoretical.
It already wasn't theoretical... if you know what I mean. The writing
has been on the wall since Wang's attacks four years ago.
BTW, it is my (our) opinion that the current attacks can't be extended
to the SHA-2 family, due to the avalanche effect in the data
expansion, which is significantly different to the designs of its
ancestors. SHA-2 would need a new breakthrough.
Greg.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
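Added example, not part of the thread above: Greg's point is that SHA-2's message expansion diffuses differences far better than SHA-1's. The script below implements only the message schedules of both functions (FIPS 180-4, sections 6.1.2 and 6.2.2) and XORs the expanded words of a block against the same block with one bit flipped. SHA-1's expansion is linear over GF(2), so the difference pattern is the same whatever the base block; SHA-256's sigma functions and modular additions make it depend on the surrounding message bits. The two base blocks and the one-bit delta are constructed inputs chosen for illustration.

```python
# Message-schedule avalanche comparison: SHA-1 vs SHA-256 (schedules only,
# no compression function). Inputs are constructed for this example.
MASK = 0xFFFFFFFF

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK

def sha1_schedule(block):
    """Expand 16 message words to 80: XOR and rotate only, so linear over GF(2)."""
    w = list(block)
    for t in range(16, 80):
        w.append(rotl(w[t-3] ^ w[t-8] ^ w[t-14] ^ w[t-16], 1))
    return w

def sha256_schedule(block):
    """Expand 16 message words to 64: sigma0/sigma1 (rotates plus shifts)
    combined with additions mod 2^32, so carries mix bits message-dependently."""
    w = list(block)
    for t in range(16, 64):
        s0 = rotr(w[t-15], 7) ^ rotr(w[t-15], 18) ^ (w[t-15] >> 3)
        s1 = rotr(w[t-2], 17) ^ rotr(w[t-2], 19) ^ (w[t-2] >> 10)
        w.append((s1 + w[t-7] + s0 + w[t-16]) & MASK)
    return w

def schedule_xor_diff(expand, block, delta):
    """XOR difference of the expanded words (t >= 16) between `block` and
    `block ^ delta`, i.e. how a message difference shows up in the schedule."""
    a = expand(block)
    b = expand([x ^ y for x, y in zip(block, delta)])
    return [x ^ y for x, y in zip(a[16:], b[16:])]

def active_bits(diff):
    """Number of differing bits across all expanded words."""
    return sum(bin(x).count("1") for x in diff)

# Constructed inputs: an all-zero block, a block with a single 1 in word 9,
# and a one-bit difference in word 0.
ZERO = [0] * 16
BASE = [0] * 16
BASE[9] = 1
DELTA = [1] + [0] * 15

if __name__ == "__main__":
    for name, f in (("SHA-1", sha1_schedule), ("SHA-256", sha256_schedule)):
        d0 = schedule_xor_diff(f, ZERO, DELTA)
        d1 = schedule_xor_diff(f, BASE, DELTA)
        print(f"{name}: active bits {active_bits(d0)} / {active_bits(d1)}, "
              f"difference independent of base block: {d0 == d1}")
```

For SHA-1 the two difference vectors are identical (and equal to the schedule of the delta alone); for SHA-256 they already diverge at the first expanded word, which is the message-dependent mixing Greg refers to.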