On Wed, 18 Aug 2004, Shachar Shemesh wrote:

> Orr Dunkelman wrote:
>
> >This is true, but has no meaning. A paper to be presented tomorrow in
> >Santa Barbara by Antoine Joux (who found the collision in SHA-0), explains
> >that to attack such a scheme:
> >h(x) = SHA-1(x) || MD5(x)
> >is as hard as breaking the harder between the two (under birthday
> >attacks).
> >So a generic attack of finding collisions in SHA-1(x)||MD5(x) requires
> >only 2^80 computations (and not 2^160 as one might expect).
> >Also, it is very likely that if the SHA-1 results will be obtained in
> >similar methods to the ones of MD5, then his ideas will be applicable also
> >for the new attacks.
> >
> The paper was pretty scarce on details. What is the attack method?
>
> Also, I wrote a newbie friendly explanation of what happens there in my
> blog. http://www.israblog.co.il/35850.
>
> Shachar
These are two different attacks.

Antoine Joux presented an attack to find collisions in schemes of the form
h(x) = h1(x)||h2(x) under the assumption that h1(x) and h2(x) are attacked
using the birthday paradox.

The attack by the Chinese people is based on a new method by Eli Biham, which
is an improvement of a method by Antoine Joux, and is based on using more than
one block of message to generate a collision.

-- 
Orr Dunkelman, [EMAIL PROTECTED]

"Any human thing supposed to be complete, must for that reason infallibly
be faulty" -- Herman Melville, Moby Dick.

Spammers: http://vipe.technion.ac.il/~orrd/spam.html
GPG fingerprint: C2D5 C6D6 9A24 9A95 C5B3 2023 6CAB 4A7C B73F D0AA
(This key will never sign Emails, only other PGP keys.)

--------------------------------------------------------------------------
Haifa Linux Club Mailing List (http://www.haifux.org)
To unsub send an empty message to [EMAIL PROTECTED]
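Added example, not part of the original thread or of Joux's paper: a toy run of the generic birthday-based attack on h(x) = h1(x)||h2(x) discussed above, showing why the concatenation costs about t·2^(n/2) + 2^t work instead of 2^n. It assumes 16-bit truncations of SHA-1 and MD5 used as iterated compression functions with no length padding; the names `f1`, `f2`, `block_collision`, `joux_collision` and `concat_hash` are hypothetical.

```python
import hashlib
from itertools import product

N = 2               # bytes kept per digest: toy 16-bit hashes (assumption)
IV = b"\x00" * N    # constructed initial chaining value

def f1(state, block):   # toy compression function built from SHA-1
    return hashlib.sha1(state + block).digest()[:N]

def f2(state, block):   # toy compression function built from MD5
    return hashlib.md5(state + block).digest()[:N]

def iterate(f, blocks):
    state = IV
    for b in blocks:
        state = f(state, b)
    return state

def concat_hash(msg):
    """h(x) = h1(x) || h2(x) over 4-byte message blocks."""
    blocks = [msg[i:i + 4] for i in range(0, len(msg), 4)]
    return iterate(f1, blocks) + iterate(f2, blocks)

def block_collision(f, state):
    """Birthday search for two distinct blocks colliding under f from state."""
    seen, i = {}, 0
    while True:
        block = i.to_bytes(4, "big")
        out = f(state, block)
        if out in seen:
            return seen[out], block, out
        seen[out] = block
        i += 1

def joux_collision(t=12):
    # Step 1: chain t one-block collisions in h1. Any of the 2**t ways of
    # picking one block per position gives the same h1 value.
    state, pairs = IV, []
    for _ in range(t):
        a, b, state = block_collision(f1, state)
        pairs.append((a, b))
    # Step 2: birthday search for an h2 collision inside that set.
    seen = {}
    for choice in product(*pairs):
        d = iterate(f2, choice)
        if d in seen:
            return b"".join(seen[d]), b"".join(choice)
        seen[d] = choice
    return None

if __name__ == "__main__":
    m1, m2 = joux_collision()
    print(m1.hex(), m2.hex(), concat_hash(m1).hex())
```

All candidate messages have the same length, so adding Merkle-Damgård length padding would not change the outcome.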
