Re: SHA-1 broken
From: Tollef Fog Heen (tfheen_at_err.no)
Date: 02/19/05
- Previous message: Matthias Geerdsen: "[ GLSA 200502-27 ] gFTP: Directory traversal vulnerability"
- In reply to: dullien_at_gmx.de: "Re: SHA-1 broken"
- Next in thread: Denis Jedig: "Re: SHA-1 broken"
- Reply: Denis Jedig: "Re: SHA-1 broken"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <bugtraq@securityfocus.com> Date: Sat, 19 Feb 2005 14:22:12 +0100
*
| Hey all,
|
| > We abandon the requirement of collision resistance. This is a
| > strange requirement, and is not supported by experience. Collision
| > resistance
|
| we might think of changing the requirement of collision resistance
| to "collision resistance in input data that is valid ASCII text". The
| attacks on MD5 used the weak avalanche of the highest-order bit
| in 32-bit words for producing the collision, basically precluding the
| possibility of generating colliding ASCII text.
That's not really useful is you want to sign something in non-English
languages. Valid UTF8 might be a decent requirement, though.
--
Tollef Fog Heen ,''`.
UNIX is user friendly, it's just picky about who its friends are : :' :
`. `'
`-
- Previous message: Matthias Geerdsen: "[ GLSA 200502-27 ] gFTP: Directory traversal vulnerability"
- In reply to: dullien_at_gmx.de: "Re: SHA-1 broken"
- Next in thread: Denis Jedig: "Re: SHA-1 broken"
- Reply: Denis Jedig: "Re: SHA-1 broken"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
