Re: SHA-1 broken

From: Tollef Fog Heen (tfheen_at_err.no)
Date: 02/19/05

  • Next message: MurDoK: "Thomson TCW690 POST Password Validation Vulnerability"
    To: <bugtraq@securityfocus.com>
    Date: Sat, 19 Feb 2005 14:22:12 +0100
    
    

    *

    | Hey all,
    |
    | > We abandon the requirement of collision resistance. This is a
    | > strange requirement, and is not supported by experience. Collision
    | > resistance
    |
    | we might think of changing the requirement of collision resistance
    | to "collision resistance in input data that is valid ASCII text". The
    | attacks on MD5 used the weak avalanche of the highest-order bit
    | in 32-bit words for producing the collision, basically precluding the
    | possibility of generating colliding ASCII text.

    That's not really useful is you want to sign something in non-English
    languages. Valid UTF8 might be a decent requirement, though.

    -- 
    Tollef Fog Heen                                                        ,''`.
    UNIX is user friendly, it's just picky about who its friends are      : :' :
                                                                          `. `' 
                                                                            `-  
    

  • Next message: MurDoK: "Thomson TCW690 POST Password Validation Vulnerability"