Irmen de Jong <[EMAIL PROTECTED]> writes:
> > Also, the new findings only apply to hash collisions, not to the
> > invertibility of SHA1 hashes - thus, as Schneier points out, uses of
> > keyed hashes (such as HMAC) are not compromised by this.
>
> What about HMAC-MD5?

HMAC-MD5 and HMAC-SHA1 should be affected by the vulnerability in about the same way. Based on some reasonable assumptions both should still be secure.

Note also that the 2**69 attack against SHA1 is an important theoretical result, but nowhere near as bad a practical vulnerability as the MD5 break which allowed finding real collisions in a few CPU-hours. As someone on sci.crypt explained the SHA1 attack, "in motor vehicle terms, SHA1 is a tank and they have discovered a way to scratch the paint".