Re: Re-secured Algorithm?

From: Regis (nobody_at_thisaddress.com)
Date: 08/29/05


Date: Sun, 28 Aug 2005 21:13:27 -0400

On 28 Aug 2005 05:19:20 -0700, tomstdenis@gmail.com wrote:

>Um I guess you weren't around last year but the same people who broke
>SHA-1 had real collisions in MD5. Google for around august of 2004.

How did I know you're going to start your Google nonsense again?
I specifically asked YOU to show me collisions that YOU have produced.
Not other people.
Not Google.
YOU.
Tom St. Denis.
JUST YOU.
You're the one that said it was "trivial" to do, so I'm calling you on
it.

>First, I disagree [especially in the case of MD5]. 2^63 may be
>impractical now but it won't be in a dozen years.

Even in a dozen years it will still be impractical in the sense that
it would still cost you a lot of money to mount your attack.
Certainly not as much money as it would today, but still it won't be
free by any stretch of the imagination.

In either case, it's a moot point because I never once said anything
to suggest that anyone should still be using SHA-1 much beyond 2010.
Between now and then, hopefully a new standard will be agreed upon,
and there's still plenty of time for software developers to make the
necessary changes long before attacks on SHA-1 can be successfully
carried out in a short amount of time.

>> No...actually, you wouldn't...because that would require other people
>> to join in. Lots and lots of other people. My personal bet is that
>> you wouldn't be able to organize anything even remotely adequate in
>> terms of collective processing power because nobody gives a rat's ass
>> about you.

>Oh, that's a sound argument. Personal attacks!

It wasn't a personal attack.
Get over yourself -- you're not important enough for me to attack you
personally.
What I said was that nobody gives a rat's ass about you if you tried
to organize some distributed computing effort.
Just as nobody would give a rat's ass about me if I did the same
thing.
If the effort is not interesting or not beneficial to the people
involved, then they won't care.

>Common sense then tells you to keep deploying systems using crypto you
>know you can break?

Going by your brand of logic, why even bother with any crypto at all?
We know that ALL ciphers can be broken from the day they're created.

>[whatever, I know for a fact you're younger than 25, mature people are
>like well groomed ladies, if you have to say you are you're not.]

LOL
As if I didn't already have enough reasons to laugh at you, I just
found yet another one.
How the hell could you possibly "know for a fact" anything about me,
let alone my age? Newsflash: you can't, and you don't.
And just to satisfy your overwhelming curiosity, you can rest assured
that I'm not younger than 25. As much as I loved my 20's, I'm glad to
have left them behind.

>SHA-1 never should have existed. But that aside ... There are smarter
>ways to design a hash now. SHA-2 isn't it.

Why not? What's wrong with SHA-2, other than its yet-unproven
longevity?

>You know what, right now I wouldn't fear using SHA-1.

Based on all your rhetoric and whining on the subject, I would've
thought you feared SHA-1 the way a fat kid fears swim class.

> What you are missing is deployment. Why write new software
> that uses SHA-1 when all that is going to happen is you'll have
> to change it in another couple years...?

I never once said that NEW software should be written with SHA-1
embedded. All I said was that if you're already using it, you can
safely continue to do so until 2010 at least.

If you're writing new software, then by all means, use something
different -- but that still leaves you with the problem of WHAT to
use. There's still no agreement on what will replace SHA-1, and as
was already discussed, its likely successors (as they stand today)
should be trusted even less than SHA-1 itself.
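The thread argues over the 2^63 figure for SHA-1 against the 2^80 a generic attack needs. The following is an added example, not code from Regis, Tom St. Denis, or the original thread: it runs the generic birthday attack on a truncated SHA-1 to show where the 2^(n/2) bound comes from (it is a property of output length alone and has nothing to do with the Wang et al. shortcut), and puts the two work factors side by side for assumed, not measured, hash rates. The seed string, the 32-bit truncation and the throughput figures are all assumptions chosen for illustration.

```python
import hashlib

# Added example (not from the thread): the generic birthday attack that
# bounds the cost of a collision in any n-bit hash at about 2^(n/2) work,
# next to the figures the thread argues about for full SHA-1.

SHA1_BITS = 160
SHA1_GENERIC_WORK = 2 ** (SHA1_BITS // 2)   # 2^80, the birthday bound
SHA1_WANG_WORK = 2 ** 63                    # the 2^63 figure quoted in the thread


def truncated_sha1(data: bytes, nbits: int) -> int:
    """Top nbits of SHA-1(data) as an integer; a stand-in for a shorter hash."""
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (SHA1_BITS - nbits)


def birthday_collision(nbits: int, seed: bytes = b"sci.crypt 2005") -> tuple[bytes, bytes, int]:
    """Find two distinct messages whose truncated SHA-1 agrees on nbits.

    Messages are constructed (assumed seed || 8-byte counter), so every trial
    is a distinct input. Expected trials are about sqrt(pi/2 * 2^nbits),
    which is why the generic bound is 2^(nbits/2): it depends only on the
    output length, never on any weakness in the hash itself.
    Returns (msg_a, msg_b, trials).
    """
    seen: dict[int, bytes] = {}
    trials = 0
    while True:
        msg = seed + trials.to_bytes(8, "big")
        trials += 1
        h = truncated_sha1(msg, nbits)
        if h in seen:
            return seen[h], msg, trials
        seen[h] = msg


def hash_time_years(work: int, hashes_per_second: float) -> float:
    """Wall-clock years to perform `work` hash evaluations at a given rate;
    used to compare 2^63 against 2^80 for an assumed throughput."""
    return work / hashes_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    a, b, n = birthday_collision(32)
    expected = int((3.1416 / 2 * 2 ** 32) ** 0.5)
    print(f"32-bit collision after {n} hashes (expected about {expected})")
    print(f"  {a.hex()} and {b.hex()} share prefix {truncated_sha1(a, 32):08x}")
    for rate in (1e9, 1e12):  # assumed rates, not measurements
        print(f"{rate:.0e} SHA-1/s: 2^63 -> {hash_time_years(SHA1_WANG_WORK, rate):.2g} y, "
              f"2^80 -> {hash_time_years(SHA1_GENERIC_WORK, rate):.2g} y")
```

Running it finds a 32-bit collision in roughly 2^16 hashes, as the birthday bound predicts; scaling the same loop to 160 bits is the 2^80 the thread calls brute force, and the 2^17 gap between that and 2^63 is what separates "generic" from the attack Tom refers to.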
