--- begin forwarded text

Delivered-To: [EMAIL PROTECTED]
Date: Wed, 16 Feb 2005 01:10:13 -0800
From: "Gordon Mohr (@ Bitzi)" <[EMAIL PROTECTED]>
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
To: "Peer-to-peer development." <[EMAIL PROTECTED]>
Subject: Re: [p2p-hackers] SHA1 broken?
Reply-To: "Peer-to-peer development." <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]

Serguei Osokine wrote:
>>#   * collisions in the the full SHA-1 in 2**69 hash operations,
>>#     much less than the brute-force attack of 2**80 operations...
>
>
> Okay, so the effective SHA-1 length is 138 bits instead of full
> 160 - so what's the big deal?

If the results hold up:

SHA1 is not as strong as it was designed to be, and its effective
strength is being sent in the wrong direction, rather than being
confirmed, by new research.

Even while maintaining that SHA1 was unbroken and likely to
remain so just last week, NIST was still recommending that SHA1 be
phased out of government use by 2010:

   http://www.fcw.com/fcw/articles/2005/0207/web-hash-02-07-05.asp

One more paper from a group of precocious researchers anywhere in
the world, or unpublished result exploited in secret, could topple
SHA1 from practical use entirely. Of course, that's remotely possible
with any hash, but the pattern of recent results suggest that a
further break is now more likely with SHA1 (and related hashes)
than others.

So the big deal would be: don't rely on SHA1 in any applications
you intend to have a long effective life.

> It is still way more than, say, MD5
> length. And MD5 is still widely used for stuff like content id'ing
> in various systems, because even 128 bits is quite a lot, never
> mind 138 bits.

Just because it's widely used doesn't mean it's a good idea.

MD5 should not be used for content identification, given the ability
to create content pairs with the same MD5, with one version being
(and appearing and acquiring a reputation for being) innocuous, and
the other version malicious.

- Gordon @ Bitzi
_______________________________________________
p2p-hackers mailing list
[EMAIL PROTECTED]
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Reply via email to