BugTraq
SHA-1 broken Feb 16 2005 12:56PM
Gadi Evron (gadi tehila gov il) (5 replies)
Re: SHA-1 broken Feb 17 2005 02:44PM
Jonathan G. Lampe (jonathan lampe standardnetworks com)
Re: SHA-1 broken Feb 17 2005 01:28AM
Steve Friedl (steve unixwiz net)
Re: SHA-1 broken Feb 17 2005 01:25AM
Robert Sussland (robert inkwood org) (1 replies)
Re: SHA-1 broken Feb 17 2005 10:42PM
dullien gmx de (2 replies)
Re: SHA-1 broken Feb 19 2005 05:24PM
Darren Reed (avalon caligula anu edu au) (1 replies)
Re: SHA-1 broken Feb 19 2005 05:41PM
dullien gmx de
Re: SHA-1 broken Feb 19 2005 01:22PM
Tollef Fog Heen (tfheen err no) (1 replies)
Re: SHA-1 broken Feb 20 2005 09:45AM
Denis Jedig (seclists syneticon de)
Re: SHA-1 broken Feb 17 2005 01:02AM
Michael Cordover (michael cordover gmail com) (3 replies)
Re: SHA-1 broken Feb 18 2005 02:22AM
Dan Harkless (bugtraq harkless org)
Re: SHA-1 broken Feb 17 2005 11:32PM
D.J. Capelis (djcapelisp yahoo com) (1 replies)
Re: SHA-1 broken Feb 19 2005 03:37AM
Michael Cordover (michael cordover gmail com)
Re: SHA-1 broken Feb 17 2005 10:39PM
dullien gmx de
Re: SHA-1 broken Feb 16 2005 11:27PM
Kent Borg (kentborg borg org)
On Wed, Feb 16, 2005 at 02:56:27PM +0200, Gadi Evron wrote:
> Now, we've all seen this coming for a while.
> http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
>
> Where do we go from here?

I am feeling smug that in a project I am working on I earlier decided
our integrity hashes would be a concatenation of MD5 and SHA-1, not
that that's a fix, but it helps.

I am also appreciating that hashes are used (this project included)
for many different things, not all of which are directly affected by
this break. Yes, this is a bad omen for the longevity of SHA-1 for
other uses, so we will keep an eye on it.

Something I am intrigued about is more sophiticated compositions of,
say, SHA-1 and MD5.

-kb

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus