Re: Certainty

2009-08-25 Thread Hal Finney
Paul Hoffman wrote: Getting a straight answer on whether or not the recent preimage work is actually related to the earlier collision work would be useful. I am not clueful enough about this work to give an authoritative answer. My impression is that they use some of the same general techniques

Re: Certainty

2009-08-25 Thread Perry E. Metzger
h...@finney.org (Hal Finney) writes: Paul Hoffman wrote: Getting a straight answer on whether or not the recent preimage work is actually related to the earlier collision work would be useful. [...] There was an amusing demo at the rump session though of a different kind of preimage

Re: Certainty

2009-08-23 Thread Paul Hoffman
At 7:10 PM -0700 8/19/09, james hughes wrote: On Aug 19, 2009, at 3:28 PM, Paul Hoffman wrote: I understand that creaking is not a technical cryptography term, but certainly is. When do we become certain that devastating attacks on one feature of hash functions (collision resistance) have any

Re: Certainty

2009-08-21 Thread james hughes
Caution, the following contains a rant. On Aug 19, 2009, at 3:28 PM, Paul Hoffman wrote: I understand that creaking is not a technical cryptography term, but certainly is. When do we become certain that devastating attacks on one feature of hash functions (collision resistance) have any

Re: Certainty

2009-08-21 Thread Greg Rose
On 2009 Aug 19, at 3:28, Paul Hoffman wrote: At 5:28 PM -0400 8/19/09, Perry E. Metzger wrote: I believe attacks on Git's use of SHA-1 would require second pre-image attacks, and I don't think anyone has demonstrated such a thing for SHA-1 at this point. None the less, I agree that it

Re: Certainty

2009-08-21 Thread John Gilmore
Getting back towards topic, the hash function employed by Git is showing signs of bitrot, which, given people's desire to introduce malware backdoors and legal backdoors into Linux, could well become a problem in the very near future. James A. Donald jam...@echeque.com I believe attacks

Re: Certainty

2009-08-19 Thread Perry E. Metzger
Paul Hoffman paul.hoff...@vpnc.org writes: The longer that MD5 goes without any hint of preimage attacks, the less certain I am that collision attacks are even related to preimage attacks. I believe that yesterday, at the rump session at Crypto, restricted preimage attacks were described. Not