Re: Now that SHA-1 is cracked...
thurberk_at_cscsw.com
Date: 02/22/05
- Previous message: Gunjan Desai: "Redirect web site on Private LAN"
- In reply to: Matt Gibson: "Re: Now that SHA-1 is cracked..."
- Next in thread: Matt Gibson: "Re: Now that SHA-1 is cracked..."
- Reply: Matt Gibson: "Re: Now that SHA-1 is cracked..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 22 Feb 2005 06:59:44 -0800
Matt Gibson wrote:
<snip A and B>
> C) Say the paper is right, and they can now break SHA-1 in ~2^53
attempts.
> What does this mean to most people? Nothing. With these attacks,
you
> cannot just get "I will give you 1 million dollars" to "I will give
you 10
> million dollars". You'd have a better chance of getting
"09sdfkj3uih3wi8"
> to hash to the same value.
Certainly true--this alleged vulnerability has no measurable effect on
signed messages. However and unfortunately, some applications use
SHA-1 as a more basic building block of their security. The most
common example, of course, is storing the hash of a password in an
accessible xml file, and authenticating the user if a hash of his input
matches the hash in the xml file. Assuming that the Chinese can do
everything they claim, and that the padding problem can likewise be
overcome, these collisions surely reduce the security of such
applications by the advertised amount.
- Previous message: Gunjan Desai: "Redirect web site on Private LAN"
- In reply to: Matt Gibson: "Re: Now that SHA-1 is cracked..."
- Next in thread: Matt Gibson: "Re: Now that SHA-1 is cracked..."
- Reply: Matt Gibson: "Re: Now that SHA-1 is cracked..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
