Bryan Olson <[EMAIL PROTECTED]> writes: > I haven't kept up. Has anyone exhibited a SHA-1 collision?
I don't think anyone has shown an actual collision, but apparently there is now a known way to find them in around 2**63 operations. I don't know if it parallellizes as well as a brute force attack does. If it does, then it's presumably within reach of the distributed attacks like the ones used against DES in the late 1990's, given the hardware speedups that have occurred since then. NIST is trying to phase out SHA-1 by 2010. http://en.wikipedia.org/wiki/SHA1#Cryptanalysis_of_SHA-1 http://csrc.nist.gov/hash_standards_comments.pdf -- http://mail.python.org/mailman/listinfo/python-list