On Tue, 20 Dec 2005 02:16:52 -0500 "Robert A. Rosenberg" <[EMAIL PROTECTED]> wrote:
:>At 19:04 +0000 on 12/19/2005, john gilmore wrote about first MD5 and now SHA-1: :>>Shiaoyun Wang has done it again! After breaking MD5 last year, she :>>has now broken SHA-1. The NSA's own pridefully recommended :>>encryption system now affords not even minimal security. :>>Look to the situations in which you are using it, directly or at one remove. :>You have to look at the MD5 and SHA-1 "Braking" in context. What has :>been done is the ability to create lots of messages and yield two of :>these messages with the same hash in much fewer attempts than pure :>chance would require. The methods do NOT allow you to force the :>"matching" message to have the same hash as another nor does it allow :>the alteration of a message while keeping the hash (either of which :>would compromise the systems from a security viewpoint). An important point. The exposure is if someone gives another a document to sign, the submitter may have generated another INTELLIGIBLE document with the same hash (which, while time consuming, is a task that can be done in parallel). The submitter earlier played with the document by adding spacing or other white space so that the concept remains the same, at the same time playing with another document (the forgery) - trying to generate a match. The attack will be a bit harder if the signer alters the document after it was submitted, by adding or removing white space. -- Binyamin Dissen <[EMAIL PROTECTED]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
