Re: [SC-L] [Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)

2007-03-21 Thread der Mouse
Cracking a hash would [...]. There are an infinite number of messages that all hash to the same value. Yes, but there's no guarantee that this is true of any particular hash value, such as the one you're intersted in, only that there exists at least one hash value that it's true of. (At

Re: [SC-L] [Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)

2007-03-21 Thread Blue Boar
3APA3A wrote: First, by reading 'crack' I thought lady can recover full message by it's signature. After careful reading she can bruteforce collisions 2000 times faster. Cracking a hash would never mean recovering the full original message, except for possibly messages that were smaller

Re: [SC-L] [Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)

2007-03-21 Thread Blue Boar
3APA3A wrote: I know meaning of 'hash function' term, I wrote few articles on challenge-response authentication and I did few hash functions implementations for hashtables and authentication in FreeRADIUS and 3proxy. Can I claim my right for sarcasm after calling

Re: [SC-L] [Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)

2007-03-21 Thread Blue Boar
My understanding that the kind of birthday attack under discussion would start at 80-bits if SHA-1 (at 160-bits) were 100% secure. The attack under discussion is reported to reduce that to the neighborhood of 60-something bits. I am not a mathematician though, so I would be perfectly willing to