Bugtraq mailing list archives
Re: SHA-1 broken
From: Michael Silk <michaelsilk () gmail com>
Date: Fri, 18 Feb 2005 21:58:35 -0800
I agree that an anaylsis of their results is nice and important, but also I don't think that it will neccessarily lead to a new "perfect" hashing function we can implement and forget about. A nicer idea is to implement better code that allows us to modify our internal hashing algorithms whenever we like, so that if (and when?) new hashing strategies are broken (even by virtue of faster computing power) we can adapt easily. At least, this is the approach I'll be taking to the problem. -- Michael On Sat, 19 Feb 2005 00:42:56 -0500, Anatole Shaw <shaw_bugtraq20050218 () autoloop com> wrote:
Sadly, there is no magic bullet for the SHA-1 problem. Let me say, in classic Bugtraq style, that I believe the "temporary workaround for this vulnerability" is to move to SHA-512 as quickly as possible. NIST was going to recommend SHA-256 and SHA-512 by 2010, but for the security-conscious the time is now. The "computer security response" should not be to re-jigger the hashes, bet on crypto tricks that haven't seen any review, and guess at the computational complexity of the result. The only fix will be informed analysis of the new paper from the Chinese team (which hasn't even been released yet) and the informed development of a solid cryptographic response. Anatole
Current thread:
- Re: SHA-1 broken, (continued)
- Re: SHA-1 broken Steve Friedl (Feb 17)
- Re: SHA-1 broken Jonathan G. Lampe (Feb 17)
- RE: SHA-1 broken Scovetta, Michael V (Feb 17)
- RE: SHA-1 broken Frank Knobbe (Feb 21)
- RE: SHA-1 broken Michael Silk (Feb 19)
- Re: SHA-1 broken exon (Feb 19)
- Re: SHA-1 broken Peter J. Holzer (Feb 21)
- Re: SHA-1 broken Brian May (Feb 19)
- Re: SHA-1 broken exon (Feb 19)
- Re: SHA-1 broken Michael Silk (Feb 19)
- Re: SHA-1 broken Anatole Shaw (Feb 19)
- Re: SHA-1 broken Michael Silk (Feb 19)
- Re: SHA-1 broken peeon+securityfocus (Feb 21)
- Re: SHA-1 broken Peter Jeremy (Feb 21)
- Re: SHA-1 broken Anatole Shaw (Feb 19)
- Re: SHA-1 broken securityfocus (Feb 19)
- Re: SHA-1 broken Damian Menscher (Feb 21)
- Re: SHA-1 broken Paul Johnston (Feb 21)
- Re: SHA-1 broken Michael Silk (Feb 21)
- Re: SHA-1 broken exon (Feb 21)