On Wed, 16 Feb 2005 08:11:39 EST, David Baker said:
> This is a follow up on the issue with hashing, which was brought up before with
> SHA-0 and MD4/5. The paper describing the problem has apparently not been
> released yet, but Bruce posted some info here:
>
> http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
>
> I see nothing there that poses a "real" use scenario where it would be of
> significant concern, but this certainly adds impetus to the NIST move to SHA-256.
Before I went out migrating to SHA-256, I'd wait for the rubble to stop bouncing.
Remember that SHA-256, -384, and -512 are structurally quite similar to SHA-1, and
it's *NOT* proven that the supposed attack on -1 doesn't also break (or at least
severely weaken) them as well.

On the other hand, when the crypto community has had a chance to read the paper and
if there's agreement that the attack *doesn't* also break -256, it would be a good
idea to start migrating....