Security Basics mailing list archives

RES: sha-1 cryptography

From: "Rodrigo Fernandez" <RodrigoFernandez () cetip com br>
Date: Thu, 22 Dec 2005 17:48:01 -0200

Hi,

This are my 2cents, correct me if I'm wrong, please...

SHA-1 is not a criptographic algorithm, it's a hash algorithm, and it is known that SHA-1 just as all others SHA
algorithms have a finite number os possibilities for a hash code. It means that two objects could generate the same
hash code.

The person who "broke" it, simply found two completely different objects with the same hash. Nowadays, there are
stronger SHA's algorithms, such as SHA-512, with 512 bits combination, which is much more difficult to find hash in
common. Remeber, they're still finite...

I could not tell you the opinion of specialysts, but I can sure tell you that you should always use the harder
algorithm you can!

[]s

-----Mensagem original-----
De: Enquiries [mailto:enquiries () globalart4u com]
Enviada em: terça-feira, 20 de dezembro de 2005 16:37
Para: Security-Basics (E-mail)
Assunto: sha-1 cryptography

Dear All

I understand that SHa-1 cryptography has been broken by the same person who
broke MD5, xiaoyun Wang. So what does that mean for password security and
credit card transactions etc. Does that mean we will need to look for other
stronger cryptography solutions and if yes what do you recommend, especially
for passwords?

thanks

Tallat

www.macklamm.com - moving to brussels? looking for accommodation?
www.globalart4u.com - art and crafts - give the gift of originality
www.macklamm.org - latest list of vat exempt gold coins for investment now
available

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.1/207 - Release Date: 19/12/05

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------
*******************************************************************************************
Atenção: Esta mensagem foi enviada para uso exclusivo do(s) destinatários(s) acima
identificado(s), podendo conter informações e/ou documentos
confidencias/privilegiados e seu sigilo é protegido por lei.
Caso você tenha recebido por engano, por favor, informe o remetente e apague-a de
seu sistema.
Notificamos que é proibido por lei a sua retenção, disseminação, distribuição, cópia ou
uso sem expressa autorização do remetente.
Opiniões pessoais do remetente não refletem, necessariamente, o ponto de vista da
CETIP, o qual é divulgado somente por pessoas autorizadas.

Attention: This message was sent for exclusive use of the addressees above
identified, being able to contain information and or privileged/confidential documents
and law protects its secrecies.
In case that you it has received for deceit, please, it informs the shipper and erases it
of your system.
We notify that law forbids its retention, dissemination, distribution, copy or use without
express authorization.
Personal opinions of the shipper do not reflect, necessarily, the point of view of the
CETIP, which is only divulged by authorized people.
*******************************************************************************************

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------

Current thread:

RES: sha-1 cryptography Rodrigo Fernandez (Dec 26)
- Re: sha-1 cryptography Saqib Ali (Dec 28)