Re: SHA-1 broken
From: Tollef Fog Heen (tfheen_at_err.no)
To: <email@example.com> Date: Sat, 19 Feb 2005 14:22:12 +0100
| Hey all,
| > We abandon the requirement of collision resistance. This is a
| > strange requirement, and is not supported by experience. Collision
| > resistance
| we might think of changing the requirement of collision resistance
| to "collision resistance in input data that is valid ASCII text". The
| attacks on MD5 used the weak avalanche of the highest-order bit
| in 32-bit words for producing the collision, basically precluding the
| possibility of generating colliding ASCII text.
That's not really useful is you want to sign something in non-English
languages. Valid UTF8 might be a decent requirement, though.
-- Tollef Fog Heen ,''`. UNIX is user friendly, it's just picky about who its friends are : :' : `. `' `-