Bugtraq mailing list archives
Re: SHA-1 broken
From: Dan Harkless <bugtraq () harkless org>
Date: Thu, 17 Feb 2005 18:22:31 -0800
On February 17, 2005, Michael Cordover <michael.cordover () gmail com> wrote:
On Wed, 16 Feb 2005 14:56:27 +0200, Gadi Evron <gadi () tehila gov il> wrote:
Where do we go from here?
The standard response to "where to now" seems to be Whirlpool [http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html]. That or Tiger [http://www.cs.technion.ac.il/~biham/Reports/Tiger/].
There has indeed been a lot of positive buzz about Whirlpool. I have seen comments, though, that Whirlpool is quite slow, but that Tiger is pretty reasonable on 64-bit CPUs. No doubt we'll see more analyses of these as the old standbys start to look more and more shaky.
The team which has cracked SHA1 is the same that cracked MD5 and exposed weaknesses in the RIPEMD model. They're good. And they've shown that what I would've thought to be the Next Best Thing - RIPEMD
Yeah, for instance RIPEMD-160 is the only other message digest algorithm currently implemented in the OpenSSL library that would be worth using (other than perhaps MDC2, which I haven't seen much discussion of -- it's apparently a method of constructing a 128-bit output hash function out of a block cipher -- the OpenSSL implementation uses DES).
- is yet another flawed system.
The original RIPEMD is indeed flawed, as shown by Hans Dobbertin in '95 for a reduced-round version and by the Chinese team for the full-round version. However, I have not seen analysis saying that this weakness also applies to RIPEMD-128 / RIPEMD-160 / RIPEMD-256 / RIPEMD-320 (<http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html>), the strengthened versions which were co-developed by Dobbertin in '96, partially in response to the weakness that he found. Pages like The Hashing Function Lounge (<http://planeta.terra.com.br/informatica/paulobarreto/hflounge.html>) agree with this separation of RIPEMD vs. the RIPEMD-160 family.
--
Dan Harkless
http://harkless.org/dan/