Herbert Graf wrote:

>>> http://www.theregister.co.uk/2005/02/17/sha1_hashing_broken/
>>>
>>> Long rumored and now official, the popular SHA-1 hashing algorithm has been
>>> attacked successfully by researchers in China and the US......
>>
>> Not really... they only found a collision, which in most applications is
>> not a successful attack.
>
> Actually I believe it is. By being able to find a collision one opens up
> the possibility of spoofing. That's a pretty serious breach and I would
> consider it "attacked successfully".

As you also said, pretty much every hash algorithm that results in a hash that's shorter than the original (which is the whole idea of hashing) can be spoofed. So the fact that it could be spoofed is nothing new, and doesn't mean that it is now cracked vs it wasn't before.

The only news item here is that the attack took "only" 2^69 attempts instead of the expected 2^80. For me, 2^69 is good enough. Feel free to try to find a collision on a message of mine... :)

The other thing is that just finding a collision is still a long ways from spoofing a message. You need to find a collision on a message that makes sense in the context. "This is a phrase that makes sense." If the collision you find for that phrase (after 2^69 attempts) looks like this "t38/xksn oa&ta0r th.an\x03tahT", or maybe even "Orange killer Desk red", it probably won't help you much.

> All hashing algorithms can be breached. The only "safe" part about most
> of them is the operations required to breach them. The fact that SHA-1
> can be breached with many magnitudes fewer operations is significant.

Yes, it may be significant, but for whom? Anybody here who sees a real significance in his life (which includes of course your work) by this reduction for finding /a single collision/ from 2^80 attempts to 2^69?

IMO the new thing here is that the security researchers didn't think it was possible in less than 2^80, and now it has been shown that it is. That's quite interesting for anybody interested in encryption theory. But I fail to see actual security implications.

Gerhard
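The gap the thread argues about, between finding any collision and matching one fixed message, can be measured on a toy scale. The sketch below is an added example, not part of the original post: it truncates SHA-1 to 20 bits (an assumption, chosen so both searches finish in seconds) and counts hashes for a generic birthday collision versus a match for the phrase quoted above. It does not implement the 2^69 attack, and the function names are hypothetical.

```python
import hashlib
from itertools import count

BITS = 20  # toy digest size (assumption); real SHA-1 is 160 bits


def toy_hash(msg: bytes) -> int:
    """SHA-1 truncated to its top BITS bits."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") >> (160 - BITS)


def find_collision():
    """Birthday search: any two distinct messages with equal digests."""
    seen = {}
    for i in count(1):
        msg = b"msg %d" % i  # constructed inputs
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg, i
        seen[h] = msg


def find_second_preimage(target: bytes):
    """Search for a different message matching one fixed, given message."""
    want = toy_hash(target)
    for i in count(1):
        msg = b"candidate %d" % i  # constructed inputs, never equal to target
        if toy_hash(msg) == want:
            return msg, i


if __name__ == "__main__":
    a, b, n_coll = find_collision()
    print(f"collision after {n_coll} hashes "
          f"(about 2^{BITS // 2} expected): {a!r} / {b!r}")

    target = b"This is a phrase that makes sense."
    m, n_pre = find_second_preimage(target)
    print(f"match for fixed message after {n_pre} hashes "
          f"(about 2^{BITS} expected): {m!r}")
```

Scaled to the full 160-bit digest, the same two searches correspond to roughly 2^80 and 2^160 hashes; the reported result lowers only the first figure.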