Back to list
Bruce Schneier reports SHA-1 Broken
Feb 16 2005 01:11PM
David Baker (bakerd mitre org)
Re: Bruce Schneier reports SHA-1 Broken
Feb 16 2005 05:55PM
Valdis Kletnieks vt edu
On Wed, 16 Feb 2005 08:11:39 EST, David Baker said:
> This is a follow up on the issue with hashing, which was brought up before wi
> SHA-0 and MD4/5. The paper describing the problem has apparently not been
> released yet, but Bruce posted some info here:
> I see nothing there that poses a "real" use scenario where it would be of
> significant concern, but this certainly adds impetus to the NIST move to SHA-256.
Before I went out migrating to SHA-256, I'd wait for the rubble to stop bouncing.
Remember that SHA-256, -384, and -512 are structurally quite similar to SHA-1, and
it's *NOT* a proven that the supposed attack on -1 doesn't also break (or at least
severely weaken) them as well.
On the other hand, when the crypto community has had a chance to read the paper and
if there's agreement that the attack *doesn't* also break -256, it would be a good
idea to start migrating....
[ reply ]
Copyright 2010, SecurityFocus