RES: sha-1 cryptography



Hi,

These are my 2 cents, correct me if I'm wrong, please...

SHA-1 is not a cryptographic algorithm, it's a hash algorithm, and it is known that SHA-1, just like all the other SHA algorithms, has a finite number of possibilities for a hash code. It means that two objects could generate the same hash code.

The person who "broke" it simply found two completely different objects with the same hash. Nowadays, there are stronger SHA algorithms, such as SHA-512, with 512-bit combinations, for which it is much more difficult to find a hash in common. Remember, they're still finite...

I could not tell you the opinion of specialists, but I can sure tell you that you should always use the hardest algorithm you can!


[]s





-----Original Message-----
From: Enquiries [mailto:enquiries@xxxxxxxxxxxxxxx]
Sent: Tuesday, December 20, 2005 16:37
To: Security-Basics (E-mail)
Subject: sha-1 cryptography


Dear All

I understand that SHA-1 cryptography has been broken by the same person who
broke MD5, Xiaoyun Wang. So what does that mean for password security and
credit card transactions etc. Does that mean we will need to look for other
stronger cryptography solutions and if yes what do you recommend, especially
for passwords?

thanks

Tallat


*******************************************************************************************
Attention: This message was sent for the exclusive use of the addressee(s) identified
above and may contain confidential/privileged information and/or documents whose
secrecy is protected by law.
If you have received it in error, please inform the sender and delete it from your
system.
Please note that its retention, dissemination, distribution, copying or use without the
sender's express authorization is prohibited by law.
Personal opinions of the sender do not necessarily reflect the point of view of CETIP,
which is divulged only by authorized persons.
*******************************************************************************************
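
The point made in the reply above (a finite digest space means two different inputs can share a hash, and a wider digest makes such a pair harder to find), shown as an added example that is not part of the original thread. It truncates SHA-1 to a few bits so the search finishes quickly; the input strings and function names are constructed for illustration.

```python
import hashlib
from itertools import count


def truncated_sha1(data: bytes, bits: int) -> int:
    """Return the top `bits` bits of SHA-1(data): a deliberately shrunken digest."""
    full = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return full >> (160 - bits)


def find_collision(bits: int):
    """Hash distinct inputs until two of them share the same truncated digest.

    Returns (first_input, second_input, inputs_hashed). Because only 2**bits
    digests exist, a repeat is guaranteed within 2**bits + 1 inputs.
    """
    seen = {}  # truncated digest -> first input that produced it
    for i in count():
        msg = b"constructed-input-%d" % i  # constructed sample data
        tag = truncated_sha1(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


def attempts_by_width(widths=(8, 16, 24, 32)):
    """Map each digest width to the number of inputs hashed before a repeat."""
    return {bits: find_collision(bits)[2] for bits in widths}


if __name__ == "__main__":
    for bits, attempts in attempts_by_width().items():
        print(f"{bits:2d}-bit digest: collision after {attempts} inputs "
              f"(digest space {2 ** bits})")
```

The number of inputs needed grows roughly with the square root of the digest space, so every extra 8 bits of digest multiplies the expected work by about 16.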

