Bugtraq mailing list archives
Re: SHA-1 broken
From: <securityfocus () microtechnical co uk>
Date: 19 Feb 2005 09:53:33 -0000
In-Reply-To: <011401c51541$fdafedb0$0400a8c0@p14n> I think Thomas has a good point here. We must separate the academic mathematical arguement about collisions from it's application in the real world. It may be that there are collisions in both MD5 and SHA-1 but have they any actual bearing on the use and application of these hashes in the real world? In human fingerprint forensics it is possible for 2 finger prints to be 'apparently' identical. However if we are looking for a 'cat burgular' in Los Angeles and the 'identical' match is from a 6 year old boy in Cape Town the collision in this case is academic. In much the same way if the original text was 'I owe you 1 million dollars' and the collision text was 'sdf86*&6989h,mni lkj99j' its not significant. Both MD5 and SHA-1 are still useful in the real world. Nick Pringle
Hey all,We abandon the requirement of collision resistance. This is a strange requirement, and is not supported by experience. Collision resistancewe might think of changing the requirement of collision resistance to "collision resistance in input data that is valid ASCII text". The attacks on MD5 used the weak avalanche of the highest-order bit in 32-bit words for producing the collision, basically precluding the possibility of generating colliding ASCII text. Cheers, Thomas Dullien
Current thread:
- RE: SHA-1 broken, (continued)
- RE: SHA-1 broken Frank Knobbe (Feb 21)
- RE: SHA-1 broken Michael Silk (Feb 19)
- Re: SHA-1 broken exon (Feb 19)
- Re: SHA-1 broken Peter J. Holzer (Feb 21)
- Re: SHA-1 broken Brian May (Feb 19)
- Re: SHA-1 broken exon (Feb 19)
- Re: SHA-1 broken Michael Silk (Feb 19)
- Re: SHA-1 broken Anatole Shaw (Feb 19)
- Re: SHA-1 broken Michael Silk (Feb 19)
- Re: SHA-1 broken peeon+securityfocus (Feb 21)
- Re: SHA-1 broken Peter Jeremy (Feb 21)
- Re: SHA-1 broken Anatole Shaw (Feb 19)
- Re: SHA-1 broken securityfocus (Feb 19)
- Re: SHA-1 broken Damian Menscher (Feb 21)
- Re: SHA-1 broken Paul Johnston (Feb 21)
- Re: SHA-1 broken Michael Silk (Feb 21)
- Re: SHA-1 broken exon (Feb 21)