By its very definition, collisions will occur in any digest algorithm. The only way to have no collisions would be to have a hash as long as the data, then have the algorithm perfectly distribute the hashes. So collisions are extremely common (in a statistical sense). The real notion behind a hash is that if there are differences in a stream of data, the resulting hash will have a very high probability of not matching the original hash.

What this document is saying is that the hash does not provide a perfectly random distribution of hash values across input data; there is some relation or predictability in the algorithm that can reduce the effectiveness of the hash. In other words, to brute force a hash requires fewer iterations than 2^HashBitsSize. It is not "broken" or completely useless (at least not according to this).

And even if a collision can be created, the colliding data stream would have to be similar enough in context to the original that it could be used in "context" and the tampering not be noticed. Imagine a hash of a spreadsheet that collides with the hash of another spreadsheet that is similar enough to the original but contains the forgery needed to exploit the spreadsheet with the intended alteration and nothing else that would indicate a change. When you look at the data in context, the probability of a meaningful collision is greatly reduced.

So I'm not so worried, especially for data that does not need a super high degree of authenticity. If I had data that sensitive I would send multiple hashes with different algorithms. The probability of a collision across two algorithms is much smaller.

Craig

________________________________
From: [EMAIL PROTECTED] on behalf of Michael Halcrow
Sent: Wed 02/16/2005 8:25 PM
To: BYU Unix Users Group
Subject: Re: [uug] SHA-1 is probably broken
On Wed, Feb 16, 2005 at 08:04:28PM -0700, Stuart Jansen wrote:
> On Wed, 2005-02-16 at 09:31 -0600, Michael Halcrow wrote:
> > On Tue, Feb 15, 2005 at 10:05:17PM -0700, Stuartyin Jansen wrote:
> > > I'm curious what the motivation for that decision is.
> >
> > Right. That's why I am not signing any messages until the situation
> > gets ironed out. It is looking like all PGP digital signatures are
> > now subject to forgery.
>
> I find it curious that you only replied to half of my message.
I just sent the other half, which I think addresses your car lock
issue.
Mike
.___________________________________________________________________.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D 2371 2D3C FDDA 3EB6 601D
"Computers are useless. They can only give you answers."
- Pablo Picasso
--------------------
BYU Unix Users Group http://uug.byu.edu/
The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
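Two points in Craig's reply lend themselves to a worked illustration: the generic work factor a hash is supposed to impose (2^n for a preimage, about 2^(n/2) for any collision by the birthday bound, so an attack is "a break" when it needs less than that), and the practice of publishing digests from more than one algorithm so a forger must collide all of them at once. The block below is an added example written for this page, not code from the thread or from any of its participants; the function names, the `ALGORITHMS` tuple and the sample byte strings are assumptions chosen for illustration, and only Python's standard library is used.

```python
import hashlib
import hmac
import math

# Hypothetical choice of algorithms to publish side by side (an assumption
# of this example; the thread only says "multiple hashes with different
# algorithms"). hashlib names are used so hashlib.new() can look them up.
ALGORITHMS = ("sha1", "sha256")


def multi_digest(data: bytes, algorithms=ALGORITHMS) -> dict:
    """Return {algorithm_name: hex digest} for every requested algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def verify(data: bytes, expected: dict) -> bool:
    """Accept data only if EVERY recorded digest matches.

    A substituted stream would have to collide under each algorithm
    simultaneously; a mismatch in any one of them rejects it.
    compare_digest() is used so the comparison time does not depend on
    where the first differing byte sits.
    """
    actual = multi_digest(data, tuple(expected))
    return all(hmac.compare_digest(actual[name], expected[name]) for name in expected)


def generic_work_log2(bits: int, goal: str) -> float:
    """log2 of the effort an IDEAL n-bit hash forces on an attacker.

    goal == "preimage":  find any input for a given digest, about 2^n tries.
    goal == "collision": find any two colliding inputs, about 2^(n/2) tries
                         (birthday bound).
    A hash is considered broken for that goal when a published attack
    needs noticeably less than this figure.
    """
    if goal == "preimage":
        return float(bits)
    if goal == "collision":
        return bits / 2
    raise ValueError("goal must be 'preimage' or 'collision'")


def collision_probability(bits: int, samples: int) -> float:
    """Approximate chance that `samples` random inputs contain at least one
    collision among 2^bits possible outputs (birthday approximation,
    1 - exp(-k(k-1) / 2N)). Big-int arithmetic keeps it exact for n=160."""
    pairs = samples * (samples - 1)
    return 1.0 - math.exp(-pairs / (2 * 2 ** bits))


if __name__ == "__main__":
    # Constructed sample data standing in for the "spreadsheet" of the thread.
    original = b"Q1 budget: total=1000\n"
    altered = b"Q1 budget: total=1001\n"
    published = multi_digest(original)
    print("published digests:", published)
    print("original verifies:", verify(original, published))
    print("altered verifies: ", verify(altered, published))
    print("ideal 160-bit collision work: 2^%d" % generic_work_log2(160, "collision"))
    print("P(collision) after 2^80 SHA-1 outputs: %.3f" % collision_probability(160, 2 ** 80))
```

Note that listing two digests raises the bar for a forger but does not simply add the two security levels together; the defensive value comes from requiring every digest to match, which is why `verify()` is written to reject on any single mismatch rather than to accept on any single match.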
