Re: [IP] SHA-1 cracked?

2005-03-05 Thread Hal Finney
Steve Bellovin writes: Note that finding a hash function collision by brute force is inherently harder, because it requires some communication: two widely-separated machines may have produced matching outputs, but they need to know about the other one. That's not necessarily true, although

Re: [IP] SHA-1 cracked?

2005-02-22 Thread J.A. Terranson
On Wed, 16 Feb 2005, Ben Laurie wrote: A work factor of 2^69 is still a serious amount of work. Yep. Does anyone recall DeepCrack's specs? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Quadriplegics think before they write stupid pointless shit...because they have to type

Re: SHA-1 cracked

2005-02-22 Thread Mads Rasmussen
Ian G wrote: Stefan Brands just posted on my blog (and I saw reference to this in other blogs, posted anon) saying that it seems that Schneier forgot to mention that the paper has a footnote which says that the attack on full SHA-1 only works if some padding (which SHA-1 requires) is not done. I

Re: SHA-1 cracked

2005-02-22 Thread John Kelsey
From: Joseph Ashwood [EMAIL PROTECTED] Sent: Feb 17, 2005 12:15 AM To: cryptography@metzdowd.com Subject: Re: SHA-1 cracked This attack means that we need to begin the process for a quick and painless retirement of SHA-1 in favor of SHA-256/384/512 in the immediate future and begin further

Re: SHA-1 cracked

2005-02-22 Thread Ian G
John Kelsey wrote: Anyone know where we could find the paper? It'd be kind-of convenient when trying to assess the impact of the attack if we knew at least a few details The *words* part I typed in here: http://www.financialcryptography.com/mt/archives/000357.html I skipped the examples.

Re: SHA-1 cracked

2005-02-22 Thread Hal Finney
Ian Grigg writes: Stefan Brands just posted on my blog (and I saw reference to this in other blogs, posted anon) saying that it seems that Schneier forgot to mention that the paper has a footnote which says that the attack on full SHA-1 only works if some padding (which SHA-1 requires) is

Re: SHA-1 cracked

2005-02-22 Thread Jim McCoy
On Feb 16, 2005, at 9:15 PM, Joseph Ashwood wrote: - Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] Subject: SHA-1 cracked It's probably not a practical threat today, since it takes 2^69 operations to do it I will argue that the threat is realizable today, and highly

Re: SHA-1 cracked

2005-02-22 Thread Greg Rose
At 22:33 2005-02-16 +, Ian G wrote: Steven M. Bellovin wrote: According to Bruce Schneier's blog (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a team has found collisions in full SHA-1. It's probably not a practical threat today, since it takes 2^69 operations to do it

Re: SHA-1 cracked

2005-02-22 Thread Douglas F . Calvert
On Feb 15, 2005, at 11:29 PM, Steven M. Bellovin wrote: nevertheless -- especially since it comes just a week after NIST stated that there were no successful attacks on SHA-1. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb Should anything be read into the timing of the

Re: SHA-1 cracked

2005-02-17 Thread Alexandre Dulaunoy
On Tue, 15 Feb 2005, Steven M. Bellovin wrote: According to Bruce Schneier's blog (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a team has found collisions in full SHA-1. It's probably not a practical threat today, since it takes 2^69 operations to do it and we haven't

Re: SHA-1 cracked

2005-02-17 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Alexandre Dulaunoy writes: On Tue, 15 Feb 2005, Steven M. Bellovin wrote: According to Bruce Schneier's blog (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a team has found collisions in full SHA-1. It's probably not a practical threat

Re: SHA-1 cracked

2005-02-17 Thread John Kelsey
From: Steven M. Bellovin [EMAIL PROTECTED] Sent: Feb 15, 2005 11:29 PM To: cryptography@metzdowd.com Subject: SHA-1 cracked According to Bruce Schneier's blog (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a team has found collisions in full SHA-1. It's probably

Re: [IP] SHA-1 cracked?

2005-02-17 Thread Ben Laurie
David Farber wrote: -- Forwarded Message From: Rodney Joffe [EMAIL PROTECTED] Date: Wed, 16 Feb 2005 07:36:36 -0700 To: Dave Farber [EMAIL PROTECTED] Subject: SHA-1 cracked? For IP Hi Dave, Bruce Schneier is reporting in his blog that SHA-1 appears to have been broken by a Chinese group

Re: SHA-1 cracked

2005-02-17 Thread Dan Kaminsky
It is worth emphasizing that, as a 2^69 attack, we're not going to be getting test vectors out of Wang. After all, if she had 2^69 computation available, she wouldn't have needed to attack MD5; she could have just brute forced it in 2^64. This means the various attacks in the MD5 Someday paper

Re: SHA-1 cracked

2005-02-17 Thread Joseph Ashwood
- Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] Subject: SHA-1 cracked It's probably not a practical threat today, since it takes 2^69 operations to do it I will argue that the threat is realizable today, and highly practical. It is well documented that in 1998 RSA

Re: SHA-1 cracked

2005-02-17 Thread Ian G
Steven M. Bellovin wrote: According to Bruce Schneier's blog (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a team has found collisions in full SHA-1. It's probably not a practical threat today, since it takes 2^69 operations to do it and we haven't heard claims that NSA et

SHA-1 cracked

2005-02-16 Thread Steven M. Bellovin
According to Bruce Schneier's blog (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a team has found collisions in full SHA-1. It's probably not a practical threat today, since it takes 2^69 operations to do it and we haven't heard claims that NSA et al. have built massively