Target collisions for MD5 can be calculated in seconds on a laptop, based on just a small change in the first block of input. There was also a semi-successful demo of MD5 certificate problems; you could join the special wireless network, and any https connection would be silently proxied using the fake CA certificate generated a few months ago. (You had to set your clock back to 2004, though, since the CA certificate was intentionally generated to be long expired.)

The SHA-1 attack complexity of 2^52 was a correct improvement to an incorrect result. Don't currently have an accurate estimate; IIUC it's bounded above by 2^56.

The related-key attacks on AES have been extended to AES-192, and also to some sort of non-standard AES-128, but it wasn't clear to me what it was that they did. AES-128 as standardized is still (and likely to remain) safe.

The National Museum of Computing (at Bletchley Park in England) is doing interesting stuff, but is still starved for cash. There is a 501(c)3 you can donate to for tax deductibility and corporate matching, if people want to donate.

Don't run algorithms on secret data in the cloud; it's not too difficult for an attacker to get themselves assigned to the same machine and use timing/cache attacks to recover your keys.

(At that point I was tired and inebriated and left.)

Greg.

On 2009 Aug 19, at 2:01 , Perry E. Metzger wrote:


Watching the rump session online briefly last night, I saw that some
interesting new results on MD5 and AES seem to have been discussed at
the conference. Would anyone care to give us a brief overview for the
mailing list?

Perry
--
Perry E. Metzger                pe...@piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
