BugTraq
SHA-1 broken Feb 16 2005 12:56PM
Gadi Evron (gadi tehila gov il) (5 replies)
Re: SHA-1 broken Feb 17 2005 02:44PM
Jonathan G. Lampe (jonathan lampe standardnetworks com)
Re: SHA-1 broken Feb 17 2005 01:28AM
Steve Friedl (steve unixwiz net)
Re: SHA-1 broken Feb 17 2005 01:25AM
Robert Sussland (robert inkwood org) (1 replies)
Re: SHA-1 broken Feb 17 2005 10:42PM
dullien gmx de (2 replies)
Re: SHA-1 broken Feb 19 2005 05:24PM
Darren Reed (avalon caligula anu edu au) (1 replies)
Re: SHA-1 broken Feb 19 2005 05:41PM
dullien gmx de
Re: SHA-1 broken Feb 19 2005 01:22PM
Tollef Fog Heen (tfheen err no) (1 replies)
Re: SHA-1 broken Feb 20 2005 09:45AM
Denis Jedig (seclists syneticon de)
Re: SHA-1 broken Feb 17 2005 01:02AM
Michael Cordover (michael cordover gmail com) (3 replies)
Re: SHA-1 broken Feb 18 2005 02:22AM
Dan Harkless (bugtraq harkless org)

On February 17, 2005, Michael Cordover <michael.cordover (at) gmail (dot) com [email concealed]> wrote:
> On Wed, 16 Feb 2005 14:56:27 +0200, Gadi Evron <gadi (at) tehila.gov (dot) il [email concealed]> wrote:
> >
> > Where do we go from here?
>
> The standard response to "where to now" seems to be Whirlpool
> [http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html
].
> That or Tiger [http://www.cs.technion.ac.il/~biham/Reports/Tiger/].

There has indeed been a lot of positive buzz about Whirlpool. I have seen
comments, though, that Whirlpool is quite slow, but that Tiger is pretty
reasonable on 64-bit CPUs.

No doubt we'll see more analyses of these as the old standbys start to look
more and more shaky.

> The team which has cracked SHA1 is the same that cracked MD5 and
> exposed weaknesses in the RIPEMD model. They're good. And they've
> shown that what I would've thought to be the Next Best Thing - RIPEMD

Yeah, for instance RIPEMD-160 is the only other message digest algorithm
currently implemented in the OpenSSL library that would be worth using
(other than perhaps MDC2, which I haven't seen much discussion of -- it's
apparently a method of constructing a 128-bit output hash function out of a
block cipher -- the OpenSSL implementation uses DES).

> - is yet another flawed system.

The original RIPEMD is indeed flawed, as shown by Hans Dobbertin in '95 for
a reduced-round version and by the Chinese team for the full-round version.
However, I have not seen analysis saying that this weakness also applies to
RIPEMD-128 / RIPEMD-160 / RIPEMD-256 / RIPEMD-320
(<http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html>), the
strengthened versions which were co-developed by Dobbertin in '96, partially
in response to the weakness that he found.

Pages like The Hashing Function Lounge
(<http://planeta.terra.com.br/informatica/paulobarreto/hflounge.html>) agree
with this separation of RIPEMD vs. the RIPEMD-160 family.

--
Dan Harkless
http://harkless.org/dan/

[ reply ]
Re: SHA-1 broken Feb 17 2005 11:32PM
D.J. Capelis (djcapelisp yahoo com) (1 replies)
Re: SHA-1 broken Feb 19 2005 03:37AM
Michael Cordover (michael cordover gmail com)
Re: SHA-1 broken Feb 17 2005 10:39PM
dullien gmx de
Re: SHA-1 broken Feb 16 2005 11:27PM
Kent Borg (kentborg borg org)


 

Privacy Statement
Copyright 2010, SecurityFocus