Re: [PLUG] SHA-1 Broken

Aaron Mulder on 15 Mar 2005 19:49:00 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] SHA-1 Broken

From: Aaron Mulder <ammulder@alumni.princeton.edu>

To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Subject: Re: [PLUG] SHA-1 Broken

Date: Tue, 15 Mar 2005 14:51:24 -0500 (EST)

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

I thought the capsule summary was "SHA-1 is not broken today, but we should start preparing alternatives sooner than we thought we'd need to". In other words, with a truly gross hardware budget you can find a big wad of gibberish that has the same hash as a real message. But there's no meaningful attack yet (finding hostile text that hashes the same as a real message). Still, the fact that it's now 10^12 times as easy to break as it was last week means that it's not as future-proof as we thought. Hopefully SHA-256, etc. will become the default algorithms by the time any meaningful attacks are ready. Still, I suspect the NSA isn't interested in cracking me, so I'm probably not taking this as seriously as some. Aaron On Tue, 15 Mar 2005, LeRoy Cressy wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Today in the Wall Street Journal and Bruce Schneier have described how > how SHA-1 is broken as shown in the following URL. > > http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html > > The default signature hash in GnuPG is SHA-1. Though the signature is > verified, it seems that Bruce Schneier and others seem to indicate that > there should be a new hash made that is a lot tighter. > > What do some of you think? > > LeRoy :-) > > - -- > Rev. LeRoy D. Cressy mailto:leroy@lrcressy.com /\_/\ > http://lrcressy.com ( o.o ) > Phone: 215-535-4037 > ^ < > FAX: 215-535-4285 > > gpg fingerprint: 62DE 6CAB CEE1 B1B3 359A 81D8 3FEF E6DA 8501 AFEA > > For info on enigmail: http://lrcressy.com/linux/mozilla.pdf > For info on gpg: http://www.gnupg.org/ > > Jesus saith unto him, I am the way, the truth, and the life: > no man cometh unto the Father, but by me. (John 14:6) > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.5 (GNU/Linux) > Comment: Using GnuPG with Debian - http://enigmail.mozdev.org > > iD8DBQFCNzljP+/m2oUBr+oRAvsVAKCD88nc0PKlR1BAyxINjCeGDkUnaQCfTEKE > 0tCNaUHUNXUjWuRAiDNhmnI= > =IKr7 > -----END PGP SIGNATURE----- > ___________________________________________________________________________ > Philadelphia Linux Users Group -- http://www.phillylinux.org > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug > ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

References:

[PLUG] SHA-1 Broken
From: LeRoy Cressy <ldc@lrcressy.com>

Prev by Date: [PLUG] SHA-1 Broken

Next by Date: Re: [PLUG] teaching linux to the next generation

Previous by thread: [PLUG] SHA-1 Broken

Next by thread: [PLUG] Create your own Live Linux CD

Index(es):

Date

Thread