[hashcash] Re: [Fwd: [IRR] New Attacks on Cryptographic Hash Functions]

• From: Jean-Luc Cooke <jlcooke@xxxxxxxxxxxxxx>
• To: hashcash@xxxxxxxxxxxxx
• Date: Wed, 18 Aug 2004 14:03:09 -0400

To be clear:
  MD5 is borken.  The whole thing:
    http://www.md5crk.com/md5col.zip
  SHA-0 is broken.  The whole thing:
    http://www.md5crk.com/sha0col
  HAVAL-128 and RIPEMD-128 and MD4 are also broken using the same techniques.

56 round SHA-1 (out of a possible 80) is broken.

The event of the pasat week cast heavy doubt on the current common techniques
used in hash algorithms.  MD4 was the first to use this unblanced Fiezel
network.

Wirlpool and Tiger are sometimes called "wide-trail" hashs.  Different beasts
entirly.

I suspect even SHA-256 and SHA-384/512 may be vulnerable to these attacks to
some extent.

I expect there to be a flurry of new hashs proposed and adopted as
industry/government/international standards.

JLC

On Wed, Aug 18, 2004 at 04:32:16PM +0000, Justin Guyett wrote:
> On 2004-08-18T09:43:13-0400, Jean-Luc Cooke wrote:
> > Tiger and Wirlpool are two hashs of higher repute that are not based on the
> > MD4 structure.
> 
> I know about tiger.  I just found a summary of whirlpool.  Looks
> interesting, but like tiger, not much effort has been put into breaking
> it.  So while MD5 and SHA* may not look so good right now, there's no
> particular reason to think that either tiger or whirlpool is any better,
> even if they stand up to attacks that break or weaken MD5 and SHA1.
> 
> > In short - I'd hold on a bit longer before commiting to any algorithm.
> 
> Would it be worthwhile to include an additional field at the end to
> specify the puzzle type?  That way every time someone wants to change
> hashes or puzzle types (while remaining with the same framework), the
> version number can stay the same.
> 
> -- 
> "When in our age we hear these words: It will be judged by the result--then we
> know at once with whom we have the honor of speaking.  Those who talk this way
> are a numerous type whom I shall designate under the common name of assistant
> professors."  -- Kierkegaard, Fear and Trembling (Wong tr.), III, 112
> 

• Follow-Ups:
  • [hashcash] hash attacks and hashcash (SHA1 partial preimage of 0^160)
    • From: Adam Back

• References:
  • [hashcash] [Fwd: [IRR] New Attacks on Cryptographic Hash Functions]
    • From: Eric S. Johansson
  • [hashcash] Re: [Fwd: [IRR] New Attacks on Cryptographic Hash Functions]
    • From: John Honan
  • [hashcash] Re: [Fwd: [IRR] New Attacks on Cryptographic Hash Functions]
    • From: Jean-Luc Cooke
  • [hashcash] Re: [Fwd: [IRR] New Attacks on Cryptographic Hash Functions]
    • From: Justin Guyett

Other related posts:

• » [hashcash] [Fwd: [IRR] New Attacks on Cryptographic Hash Functions]
• » [hashcash] Re: [Fwd: [IRR] New Attacks on Cryptographic Hash Functions]
• » [hashcash] Re: [Fwd: [IRR] New Attacks on Cryptographic Hash Functions]
• » [hashcash] Re: [Fwd: [IRR] New Attacks on Cryptographic Hash Functions]
• » [hashcash] Re: [Fwd: [IRR] New Attacks on Cryptographic Hash Functions]
• » [hashcash] Re: [Fwd: [IRR] New Attacks on Cryptographic Hash Functions]

1. Home
2. hashcash
3. Archive
4. 08-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---