Bugtraq mailing list archives

Re: SHA-1 broken

From: Tollef Fog Heen <tfheen () err no>
Date: Sat, 19 Feb 2005 14:22:12 +0100

* 

| Hey all,
| 
| > We abandon the requirement of collision resistance. This is a
| > strange requirement, and is not supported by experience. Collision
| > resistance
| 
| we might think of changing the requirement of collision resistance
| to "collision resistance in input data that is valid ASCII text". The
| attacks on MD5 used the weak avalanche of the highest-order bit
| in 32-bit words for producing the collision, basically precluding the
| possibility of generating colliding ASCII text.

That's not really useful is you want to sign something in non-English
languages.  Valid UTF8 might be a decent requirement, though.

-- 
Tollef Fog Heen                                                        ,''`.
UNIX is user friendly, it's just picky about who its friends are      : :' :
                                                                      `. `' 
                                                                        `-

Current thread:

Re: SHA-1 broken, (continued)
- Re: SHA-1 broken Kent Borg (Feb 17)
- Re: SHA-1 broken Michael Cordover (Feb 17)
  - Re: SHA-1 broken dullien (Feb 19)
  - Re: SHA-1 broken D.J. Capelis (Feb 19)
    - Re: SHA-1 broken Michael Cordover (Feb 20)
  - Re: SHA-1 broken Dan Harkless (Feb 19)
- Re: SHA-1 broken Robert Sussland (Feb 17)
  - Re: SHA-1 broken dullien (Feb 19)
    - Re: SHA-1 broken Darren Reed (Feb 19)
    - Re: SHA-1 broken dullien (Feb 19)
    - Re: SHA-1 broken Tollef Fog Heen (Feb 19)
    - Re: SHA-1 broken Denis Jedig (Feb 21)
- Re: SHA-1 broken Steve Friedl (Feb 17)
- Re: SHA-1 broken Jonathan G. Lampe (Feb 17)
- RE: SHA-1 broken Scovetta, Michael V (Feb 17)
  - RE: SHA-1 broken Frank Knobbe (Feb 21)
- RE: SHA-1 broken Michael Silk (Feb 19)
  - Re: SHA-1 broken exon (Feb 19)
    - Re: SHA-1 broken Peter J. Holzer (Feb 21)
  - Re: SHA-1 broken Brian May (Feb 19)
- Re: SHA-1 broken Michael Silk (Feb 19)

(Thread continues...)