On Wed, 16 Feb 2005, Josh Coates wrote:

> first off, i'm just like most engineers - we don't just blindly give
> credibility to "quoted experts" - we examine things ourselves, and right
> now, there is nothing to examine except a bunch of blogs.

I'm not much of one for "appeal to authority", so I'm right with you on this one. However, I'm not quite sure what your claims are. That since the details of this probable "break" are unknown that we should not worry about it? That since the probable break still requires so much computing power that we don't need to worry even if it does turn out to be true?

> and finally, since we really don't know anything about the SHA-1 work they
> did, it's all hysterical speculation. sorry i'm not more hysterical about
> it, but if it's anything like their md5 paper, then i don't think it's a big
> deal unless you are a cryptophile - in which case, it's fun to talk about
> and rant and rave about the grave implications, blah blah blah - but it's
> mostly "move along, nothing to see here."

There are quite a lot of implications of something like this SHA-1 break, and although your "voice of reason" is perhaps needed to keep us all from playing Chicken Little, I don't think any of us (even Halcrow) really think the sky is falling. But as computing professionals (which many of us are), even something as trivial as the MD5 or SHA-1 breaks are important to us. Whenever we write a piece of software that uses one of these hashes, we can no longer say, "It's computationally infeasible to generate any sort of collisions at all." This *may* make a difference on which algorithm we choose to use, or how we choose to implement it.

> but hey, i'm not mr. crypto-zealot, and maybe i'm missing something here. i
> like learning new things, so if you can explain to us in simple terms why we
> should be gravely concerned about a SHA1 collision in 2^69 hashes, i'd love
> to hear about.

I'll give you one reason you could be concerned about it (apart from bringing it to your attention that SHA-1 should be phased out, which apparently you already knew even before the break so it wasn't a big deal to you) ... not a lot of research has gone into breaking cryptographically secure hash functions in the past. Currently, there is a lot of research happening, and so far it looks like the hash functions are getting broken pretty darn fast. Maybe in five or ten years, so much work is done on the subject that it makes it basically impossible to create a hash function that is cryptographically secure by today's standards. That would be quite an interesting turnout.

~ Ross

--------------------
BYU Unix Users Group
http://uug.byu.edu/

The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
