--- begin forwarded text

Delivered-To: [EMAIL PROTECTED]
From: "Serguei Osokine" <[EMAIL PROTECTED]>
To: "Peer-to-peer development." <[EMAIL PROTECTED]>
Subject: RE: [p2p-hackers] SHA1 broken?
Date: Wed, 16 Feb 2005 00:11:07 -0800
Reply-To: [EMAIL PROTECTED],
        "Peer-to-peer development." <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]

> #   * collisions in the full SHA-1 in 2**69 hash operations,
> #     much less than the brute-force attack of 2**80 operations...

Okay, so the effective SHA-1 length is 138 bits instead of full
160 - so what's the big deal? It is still way more than, say, MD5
length. And MD5 is still widely used for stuff like content id'ing
in various systems, because even 128 bits is quite a lot, never
mind 138 bits.

        Best wishes -
        S.Osokine.
        16 Feb 2005.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of Gordon Mohr (@ Bitzi)
Sent: Tuesday, February 15, 2005 9:41 PM
To: p2p-hackers
Subject: [p2p-hackers] SHA1 broken?


Via Slashdot, as reported by Bruce Schneier:

     http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

Schneier writes:

#   SHA-1 Broken
#
# SHA-1 has been broken. Not a reduced-round version. Not a
# simplified version. The real thing.
#
# The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu
# (mostly from Shandong University in China) have been quietly
# circulating a paper announcing their results:
#
#   * collisions in the full SHA-1 in 2**69 hash operations,
#     much less than the brute-force attack of 2**80 operations
#     based on the hash length.
#
#   * collisions in SHA-0 in 2**39 operations.
#
#   * collisions in 58-round SHA-1 in 2**33 operations.
#
# This attack builds on previous attacks on SHA-0 and SHA-1, and
# is a major, major cryptanalytic result. It pretty much puts a
# bullet into SHA-1 as a hash function for digital signatures
# (although it doesn't affect applications such as HMAC where
# collisions aren't important).
#
# The paper isn't generally available yet. At this point I can't
# tell if the attack is real, but the paper looks good and this
# is a reputable research team.
#
# More details when I have them.

- Gordon @ Bitzi
_______________________________________________
p2p-hackers mailing list
[EMAIL PROTECTED]
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
