>Jason did not say that a secure hash function is incapable of >producing a single collision. He said that we will never *see* a >collision if the hash function is truly secure.
that's correct. for instance, based on recent findings, SHA1 is not "truly secure" because it now takes a mere 1.8 trillion years of CPU time to produce a collision instead of the normal 3.8 quadrillion years of CPU time. (do the math, assume 10K ops/sec) sorry, couldn't resist. :-p Josh Coates http://www.jcoates.org -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael Halcrow Sent: Thursday, February 17, 2005 1:11 PM To: BYU Unix Users Group Subject: Re: [uug] SHA-1 is probably broken On Thu, Feb 17, 2005 at 01:04:51PM -0700, Harshwardhan Nagaonkar wrote: > Jason Holt wrote: > >On Wed, 16 Feb 2005, Josh Coates wrote: > <snip/> > >bunch of other hashes, that was big news. A bunch of people said > >"hey, it's just a collision, we already knew hash functions have > >collisions," but they didn't realize that in a truly secure hash > >function, *we'll never ever see even a single one*. And sure > >enough, people like Kaminsky are showing that > ^^^^^^^^^^^^^^^^^^^^^^ > <snip/> > > The only formal training I've had in hashes and hash buckets was in > CS235, so this might not be a good question, considering my limited > know-how. > > But I was wondering how you could have a hash function that never > has a single collision? Jason did not say that a secure hash function is incapable of producing a single collision. He said that we will never *see* a collision if the hash function is truly secure. Mike .___________________________________________________________________. Michael A. Halcrow Security Software Engineer, IBM Linux Technology Center GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D 2371 2D3C FDDA 3EB6 601D "The Computer made me do it." -------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
