Re: SHA-1 cracked

> ... a team has found collisions in full SHA-1. It's > probably not a practical threat today, since it takes > 2^69 operations to do it ... In the perspective of scale department, there are approximately 2^60 individual insects on this planet, of which 2^50 are ants. --dan ---

Re: ATM machine security

You may want to look at US Patents 4,268,715 and 4,268,715. I believe these are among the core group of ATM patents. - Alex At 09:58 AM 2/17/2005 +0100, Lee Parkes wrote: Hi, I'm working on a project that requires a benchmark against which to judge various suppliers. The closest that has similar re

Re: SHA1 broken?

- Original Message - From: "Dave Howe" <[EMAIL PROTECTED]> Subject: Re: SHA1 broken? Indeed so. however, the argument "in 1998, a FPGA machine broke a DES key in 72 hours, therefore TODAY..." assumes that (a) the problems are comparable, and (b) that moores law has been applied to FP

Geekzone: IT, mobility, wireless and handheld news

Geekzone: IT, mobility, wireless and handheld news PGP moving to stronger SHA Algorithm News : Mobile : Security, posted 19-FEB-2005 19:37 PGP Corporation is planning to migrate to a more secure version of the Secure Hash Algorithm (SH

Re: SHA1 broken?

Eugen Leitl wrote: On Sat, Feb 19, 2005 at 03:53:53PM +, Dave Howe wrote: I wasn't aware that FPGA technology had improved that much if any - feel free to correct my misapprehension in that area though :) FPGAs are too slow (and too expensive), if you want lots of SHA-1 performance, use a crypt

Ink helps drive democracy in Asia

The BBC Saturday, 19 February, 2005, 08:34 GMT Ink helps drive democracy in Asia By Dr David Mikosz In Kyrgyzstan The Kyrgyz Republic, a small, mountainous state of the former Soviet republic, is using invisible ink and ultraviolet readers

Re: SHA-1 cracked

On Feb 15, 2005, at 11:29 PM, Steven M. Bellovin wrote: nevertheless -- especially since it comes just a week after NIST stated that there were no successful attacks on SHA-1. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb Should anything be read into the timing of the

Re: SHA1 broken?

Joseph Ashwood wrote: I believe you substantially misunderstood my statements, 2^69 work is doable _now_. 2^55 work was performed in 72 hours in 1998, scaling forward the 7 years to the present (and hence through known data) leads to a situation where the 2^69 work is achievable today in a reaso

SHA-1 results available

http://theory.csail.mit.edu/~yiqun/shanote.pdf No real details, just collisions for 80 round SHA-0 (which I just confirmed) and 58 round SHA-1 (which I haven't bothered with), plus the now famous work factor estimate of 2^69 for full SHA-1. As usual, "Technical details will be provided in a fort

Re: SHA1 broken?

- Original Message - From: "Joseph Ashwood" <[EMAIL PROTECTED]> Sent: Friday, February 18, 2005 3:11 AM [the attack is reasonable] Reading through the summary I found a bit of information that means my estimates of workload have to be re-evaluated. Page 1 "Based on our estimation, we ex

Code name "Killer Rabbit": New Sub Can Tap Undersea Cables

WCBS 880 | wcbs880.com Experts: New Sub Can Tap Undersea Cables * USS Jimmy Carter Will Be Based In Washington State Feb 18, 2005 4:55 pm US/Eastern The USS Jimmy Carter, set to join the

Re: Digital Water Marks Thieves

that is [...] invisible until illuminated by police officers using ultraviolet light. That's amazing! How do the tiny particles know that it's not a civilian illuminating them with ultraviolet light? And how does Wired reporter Robert Andrews fail to ask that question? Why would it matter? [...] I

Many Wireless Security Breaches Reported At (RSA) Security Conference

(As I've said many times, security breaches reported at conferences full of security people don't count as a predictor of what's out in the real world as a threat. But, it makes for interesting reading and establishes some metric on the ease of the attack. iang) http://www.mobilepipeline.com/show

Cryptographers to Hollywood: prepare to fail on DRM

The Register Biting the hand that feeds IT Cryptographers to Hollywood: prepare to fail on DRM By John Leyden (john.leyden at theregister.co.uk) Published Thursday 17th February 2005 19:37 GMT RSA 2005 Movie indust

Re: ATM machine security

- Original Message - From: "Lee Parkes" <[EMAIL PROTECTED]> Subject: ATM machine security Hi, I'm working on a project that requires a benchmark against which to judge various suppliers. The closest that has similar requirements is the ATM industry. To this end I'm looking for any papers

Re: SHA1 broken?

- Original Message - From: "Dave Howe" <[EMAIL PROTECTED]> Sent: Thursday, February 17, 2005 2:49 AM Subject: Re: SHA1 broken? Joseph Ashwood wrote: > I believe you are incorrect in this statement. It is a matter of public record that RSA Security's DES Challenge II was broken in 72 hou

RE: SHA1 broken?

Actually, the final challenge was solved in 23 hours, about 1/3 Deep Crack, and 2/3 Distributed.net. They were lucky, finding the key after only 24% of the keyspace had been searched. More recently, RC5-64 was solved about a year ago. It took d.net 4 *years*. 2^69 remains non-trivial. Peter -

Gates not his cocky self at RSA conference

IT Manager's Journal Tracking the Evolution of IT Title Gates not his cocky self at RSA conference Date 2005.02.17 14:33 By Roger Smith Topic Security Story URL SAN FRANCISCO -- Hardcore open source security

Re: [p2p-hackers] SHA1 broken?

--- begin forwarded text To: [EMAIL PROTECTED] Subject: Re: [p2p-hackers] SHA1 broken? Date: Thu, 17 Feb 2005 14:25:36 -0800 (PST) From: [EMAIL PROTECTED] ("Hal Finney") Reply-To: "Peer-to-peer development." <[EMAIL PROTECTED]> Sender: [EMAIL PROTECTED] The problem with the attack scenario wher

Re: SHA-1 cracked

At 22:33 2005-02-16 +, Ian G wrote: Steven M. Bellovin wrote: According to Bruce Schneier's blog (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a team has found collisions in full SHA-1. It's probably not a practical threat today, since it takes 2^69 operations to do it a

Re: SHA-1 cracked

On Feb 16, 2005, at 9:15 PM, Joseph Ashwood wrote: - Original Message - From: "Steven M. Bellovin" <[EMAIL PROTECTED]> Subject: SHA-1 cracked It's probably not a practical threat today, since it takes 2^69 operations to do it I will argue that the threat is realizable today, and highly pr

Re: Digital Water Marks Thieves

Matt Crawford wrote: > > On Feb 15, 2005, at 12:40, R.A. Hettinga wrote: > >> Instant, is a property-marking fluid that, when >> brushed on items like office equipment or motorcycles, tags them with >> millions of tiny fragments, each etched with a unique SIN (SmartWater >> identification number)

Re: SHA-1 cracked

>and what about HMAC-SHA1 ? Is it reducing the operation required by >the same factor or as the structure of HMAC is so different that the >attack is very unlikely to be practical ? > > Depends if you care about HMAC collisions being computationally infeasible or not. The attack against MD

Re: SHA-1 cracked

Ian Grigg writes: > Stefan Brands just posted on my blog (and I saw > reference to this in other blogs, posted anon) > saying that "it seems that Schneier forgot to > mention that the paper has a footnote which > says that the attack on full SHA-1 only works > if some padding (which SHA-1 requires)

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

Taral wrote: On Wed, Feb 09, 2005 at 07:41:36PM +0200, Amir Herzberg wrote: Want to protect your Mozilla/FireFox from such attacks? Install our TrustBar: http://TrustBar.Mozdev.org (this was the first time that I had a real reason to click the `I don't trust this authority` button...) Opinions?

Re: Digital Water Marks Thieves

Matt Crawford wrote: > How do the tiny particles know that it's not a civilian > illuminating them with ultraviolet light? > > And how does Wired reporter Robert Andrews fail to ask that question? And other people complain about how someone can spray their paint on someone else's valuable and the

Re: SHA-1 cracked

John Kelsey wrote: Anyone know where we could find the paper? It'd be kind-of convenient when trying to assess the impact of the attack if we knew at least a few details The *words* part I typed in here: http://www.financialcryptography.com/mt/archives/000357.html I skipped the examples. I

Re: SHA-1 cracked

>From: Ian G <[EMAIL PROTECTED]> >Sent: Feb 16, 2005 5:33 PM >To: "Steven M. Bellovin" <[EMAIL PROTECTED]> >Cc: cryptography@metzdowd.com >Subject: Re: SHA-1 cracked >Stefan Brands just posted on my blog (and I saw >reference to this in other blogs, posted anon) >saying that "it seems that Schneie

Re: SHA-1 cracked

>From: Joseph Ashwood <[EMAIL PROTECTED]> >Sent: Feb 17, 2005 12:15 AM >To: cryptography@metzdowd.com >Subject: Re: SHA-1 cracked >This attack means that we need to begin the process for a quick and painless >retirement of SHA-1 in favor of SHA-256/384/512 in the immediate future and >begin furt

Cybercash on Vacation

Technology Review TechnologyReview.com Print | Forums Cybercash on Vacation By Peter Wayner March 2005 Back in 1996, a small handful of cryptographers, bankers, and blue-sky thinkers were debating, on Internet

Re: Digital Water Marks Thieves

at the risk of being accused of being humor impaired: the particles are ignorant. it's the police officers that need to know to look for the taggants. civilians could look, but might not have access to the semantic content in the database. this is similar, i think to the taggants that are imbed

Re: SHA-1 cracked

Ian G wrote: Stefan Brands just posted on my blog (and I saw reference to this in other blogs, posted anon) saying that "it seems that Schneier forgot to mention that the paper has a footnote which says that the attack on full SHA-1 only works if some padding (which SHA-1 requires) is not done." I

Re: [IP] SHA-1 cracked?

On Wed, 16 Feb 2005, Ben Laurie wrote: > A work factor of 2^69 is still a serious amount of work. Yep. Does anyone recall DeepCrack's specs? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF "Quadriplegics think before they write stupid pointless shit...because they have to type everyt