time to change the hashes??
-------- Original Message --------
Subject: [IRR] New Attacks on Cryptographic Hash Functions
Date: Tue, 17 Aug 2004 20:54:33 -0400
From: Ted Anderson <TedAnderson@xxxxxxxxxxxxxx>
To: irregulars@xxxxx

There is some excitement at Crypto 2004 in Santa Barbara, CA with the release of news on several attacks on important hash functions used in most cryptographic software. MD5 has been broken and a collision for SHA0 has been found. There are rumors that a break on SHA1 will be announced tonight (7PM PDT) at the Crypto 2004 Rump Session[4]. No one uses SHA0 anymore, but SHA1 is a trivial variant "suggested" by the NSA to "improve" the originally proposed SHA0. Conspiracy theorists, keep in mind that the NSA's record of suggesting improvements to DES now appears very well taken.
There's a decent story on CNET[1] and of course Slashdot coverage[2]. The announcement and considerable follow-up and discussion appear on sci.crypt[3]. The Rump Session is supposed to be carried live via Webcast[5,6]. I'm going to try to tune in and watch.
Ted
[1] http://zdnet.com.com/2100-1105_2-5313655.html
[2] http://slashdot.org/articles/04/08/17/0030243.shtml
[3] http://groups.google.com/groups?th=2f215db4bf662feb
[4] http://www.iacr.org/conferences/crypto2004/rump.html
[5] http://128.111.55.99/crypto.htm
[6] mms://128.111.55.99/crypto
-- Speech recognition in use. It makes mistakes, I correct most