On Fri, Feb 18, 2005, Przemek Michalski wrote: > Hi there, > > Anyone heard the recent news on breaking the SHA-1 hashing algorithm? > > I guess this is not yet official and God only knows if it is true, however > what impact > would this fact have on the SHA-1/RSA digital certificate signature > technology in overall > look. > > Any comments? > > You may view the following link to read more about this issue: > http://www.schneier.com/blog/archives/2005/02/sha1_broken.html >
Based on current info (which may well change!) I'd agree with various other commentators that this is more a "wake up call" than a major disaster. The results show collisions in SHA1 can be perfomed more efficiently than the brute force approach. That means two messages M1 and M2 can be generated such that SHA1(M1)==SHA1(M2) and M1 != M2. It appears that M1 and M2 are also required to have a specific structure. If it were possible to find a message of a specific form that collided with a specific predefined message that would be much more serious. That has not been done nor has it been done for other digests which have been shown to have weaknesses long before the current result. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
