--- begin forwarded text
Delivered-To: [EMAIL PROTECTED]
Date: Wed, 16 Feb 2005 01:10:13 -0800
From: "Gordon Mohr (@ Bitzi)" <[EMAIL PROTECTED]>
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
To: "Peer-to-peer development." <[EMAIL PROTECTED]>
Subject: Re: [p2p-hackers] SHA1 broken?
Reply-To: "Peer-to-peer development." <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]

Serguei Osokine wrote:
>># * collisions in the full SHA-1 in 2**69 hash operations,
>># much less than the brute-force attack of 2**80 operations...
>
>
> Okay, so the effective SHA-1 length is 138 bits instead of full
> 160 - so what's the big deal?

If the results hold up: SHA1 is not as strong as it was designed to be, and its effective strength is being sent in the wrong direction, rather than being confirmed, by new research.

Even while maintaining that SHA1 was unbroken and likely to remain so just last week, NIST was still recommending that SHA1 be phased out of government use by 2010:

http://www.fcw.com/fcw/articles/2005/0207/web-hash-02-07-05.asp

One more paper from a group of precocious researchers anywhere in the world, or unpublished result exploited in secret, could topple SHA1 from practical use entirely. Of course, that's remotely possible with any hash, but the pattern of recent results suggests that a further break is now more likely with SHA1 (and related hashes) than others.

So the big deal would be: don't rely on SHA1 in any applications you intend to have a long effective life.

> It is still way more than, say, MD5
> length. And MD5 is still widely used for stuff like content id'ing
> in various systems, because even 128 bits is quite a lot, never
> mind 138 bits.

Just because it's widely used doesn't mean it's a good idea.

MD5 should not be used for content identification, given the ability to create content pairs with the same MD5, with one version being (and appearing and acquiring a reputation for being) innocuous, and the other version malicious.
- Gordon @ Bitzi

_______________________________________________
p2p-hackers mailing list
[EMAIL PROTECTED]
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

--- end forwarded text

-- 
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'
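The defensive consequence of Gordon's point (a content id built on MD5 or SHA1 can be satisfied by two different payloads, so a system whose identifiers must outlive the hash needs to be able to move off it) is easiest to see in code. The example below is added here; it is not code from the p2p-hackers thread, from Bitzi, or from any project named on the page. It assumes an identifier format of `algo:hexdigest`, a policy that mints new identifiers only with SHA-256/SHA-512 and refuses to verify MD5 or SHA1 identifiers, and a one-way migration helper; all function names and the sample payloads are constructed for the example.

```python
"""Algorithm-agile content identifiers with a deny-list for weakened hashes.

Added example, not from the mailing-list thread. The "algo:hexdigest"
identifier format, the accepted/deprecated policy sets and the function
names are assumptions made for this illustration.
"""
import hashlib
import hmac

# Hashes the thread argues should not anchor long-lived identifiers.
DEPRECATED = {"md5", "sha1"}
# Hashes this (assumed) policy accepts for minting new identifiers.
ACCEPTED = {"sha256", "sha512"}


def make_content_id(data: bytes, algo: str = "sha256") -> str:
    """Mint an identifier that names its own hash, so it can be migrated later."""
    if algo not in ACCEPTED:
        raise ValueError(f"refusing to mint a content id with {algo}")
    return f"{algo}:{hashlib.new(algo, data).hexdigest()}"


def legacy_content_id(data: bytes, algo: str) -> str:
    """Build an identifier in the same format for a deprecated hash.

    Only here to stand in for identifiers an older system already issued;
    nothing in this module will verify against it (see verify_content_id).
    """
    if algo not in DEPRECATED:
        raise ValueError(f"{algo} is not a legacy algorithm in this policy")
    return f"{algo}:{hashlib.new(algo, data).hexdigest()}"


def parse_content_id(cid: str) -> tuple[str, str]:
    """Split "algo:hexdigest" into its parts, normalised to lower case."""
    algo, sep, digest = cid.partition(":")
    if not sep or not algo or not digest:
        raise ValueError("content id must have the form algo:hexdigest")
    return algo.lower(), digest.lower()


def verify_content_id(cid: str, data: bytes) -> bool:
    """True only if data matches cid under an accepted algorithm.

    A deprecated-hash identifier verifies as False even when the digest
    matches: a matching MD5 says nothing about whether this is the
    innocuous or the malicious half of a collision pair.
    """
    algo, digest = parse_content_id(cid)
    if algo in DEPRECATED or algo not in ACCEPTED:
        return False
    actual = hashlib.new(algo, data).hexdigest()
    return hmac.compare_digest(actual, digest)


def upgrade_content_id(legacy_cid: str, data: bytes, algo: str = "sha256") -> str:
    """Re-mint a legacy identifier under an accepted hash.

    The legacy digest is recomputed only to catch corruption or a mismatched
    payload during migration; the new identifier attests to the exact bytes
    in hand, which is the only thing the old one could not guarantee.
    """
    legacy_algo, legacy_digest = parse_content_id(legacy_cid)
    if legacy_algo not in DEPRECATED:
        raise ValueError("not a legacy identifier; nothing to upgrade")
    recomputed = hashlib.new(legacy_algo, data).hexdigest()
    if not hmac.compare_digest(recomputed, legacy_digest):
        raise ValueError("payload does not match the legacy identifier")
    return make_content_id(data, algo)


if __name__ == "__main__":
    # Constructed sample payloads.
    payload = b"hello"
    old_id = legacy_content_id(payload, "md5")
    print("legacy id accepted?", verify_content_id(old_id, payload))   # False
    new_id = upgrade_content_id(old_id, payload)
    print("upgraded id:", new_id)
    print("upgraded id accepted?", verify_content_id(new_id, payload))  # True
```

The identifier carries its algorithm name so that a reader can tell a SHA-256 id from an MD5 id without out-of-band context, and `verify_content_id` fails closed on anything outside the accepted set, which is what lets a deployment retire SHA1 later by editing one policy set rather than hunting for every place a digest is compared.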