[hashcash] Re: [Fwd: [IRR] New Attacks on Cryptographic Hash Functions]
- From: Jonathan Morton <chromi@xxxxxxxxxxxxxxxxxxxxx>
- To: hashcash@xxxxxxxxxxxxx
- Date: Wed, 18 Aug 2004 02:11:06 +0100
time to change the hashes??
From what I saw of the SHA0 "crack", it requires careful setup and a
huge amount of processing time. They didn't just solve a weird
equation and come up with the answer, they actually had to search a
(somewhat reduced) keyspace for a considerable period before they found
it.
The "crack" was also actually a collision between two chosen
plaintexts, which is far easier (because of the Birthday Theorem) than
a collision between a chosen plaintext and a known hash. Hashcash uses
such a "known hash", so is probably not vulnerable to this type of
attack, even if it applies to SHA1.
That said, we should indeed keep an open mind about introducing more
modern hash functions. I'm prepared to repeat my work so far on
optimising hashcash minters for different processors, if that will lead
to a significantly more robust system.
--------------------------------------------------------------
from: Jonathan "Chromatix" Morton
mail: chromi@xxxxxxxxxxxxxxxxxxxxx
website: http://www.chromatix.uklinux.net/
tagline: The key to knowledge is not to rely on people to teach you it.
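To make the birthday-versus-known-hash contrast in the post concrete, here is an added Python example (not code from the thread or from the hashcash project): it truncates SHA-1 to a few bits, finds a collision between two chosen inputs by a birthday search, and separately brute-forces an input whose truncated hash equals a fixed target (zero, the same shape as a hashcash stamp's leading-zero requirement), alongside the expected work for each. The truncation width and the message formats are my own assumptions.

```python
import hashlib
import itertools
import math

def truncated_sha1(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-1(data) as an int: a toy-sized hash so searches finish quickly."""
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)

def find_collision(bits: int):
    """Birthday search: remember every hash seen until two distinct chosen inputs share one.
    Returns (msg_a, msg_b, attempts)."""
    seen = {}
    for i in itertools.count():
        msg = f"chosen-{i}".encode()   # constructed inputs; the searcher picks both sides
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg

def find_preimage(target: int, bits: int):
    """Search for an input whose truncated hash equals a fixed, known value.
    target=0 mirrors hashcash: a stamp whose hash starts with `bits` zero bits.
    Returns (msg, attempts)."""
    for i in itertools.count():
        msg = f"stamp:{i}".encode()    # constructed counter, like a hashcash nonce
        if truncated_sha1(msg, bits) == target:
            return msg, i + 1

def expected_collision_trials(bits: int) -> float:
    """Birthday bound: roughly sqrt(pi/2 * 2^bits) trials before two inputs collide."""
    return math.sqrt(math.pi / 2 * 2 ** bits)

def expected_preimage_trials(bits: int) -> int:
    """Brute force against one known value: roughly 2^bits trials."""
    return 2 ** bits

if __name__ == "__main__":
    bits = 20  # hashcash's usual difficulty is 20 leading zero bits
    a, b, n_coll = find_collision(bits)
    print(f"collision after {n_coll} tries (expected ~{expected_collision_trials(bits):.0f}): {a!r} {b!r}")
    m, n_pre = find_preimage(0, bits)
    print(f"{bits} leading zero bits after {n_pre} tries (expected ~{expected_preimage_trials(bits)}): {m!r}")
```

Run it a few times with different widths: the collision count stays near the square-root bound while the known-target count grows with the full 2^bits, which is the gap the post relies on.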