Re: [sleuthkit-users] Words of wisdom on recent SHA collisions
From: Gary P. <pa...@mi...> - 2005-02-17 15:30:47
Sorry, the numbers 269 and 280 should read in exponential notation. The correction is 2**69 and 2**80 respectively.

Gary Palmer wrote:
> Hi,
> Just received this from Doug White (NIST) who is attending RSA. He and
> his colleagues have some thoughtful statements about the state of SHA
> both theoretically and in practice.
> ciao,
> Gary
> ********************
>
> Gary,
>
> I'm replying to you, and, as I can't post to CFID, if you wish to
> forward this, you may.
>
> Let me first say I am not in the Computer Security Division at NIST,
> and my opinions do not represent NIST's official response to this
> SHA-1 collision news.
>
> At RSA on Tuesday morning, Shamir made the statement that he had
> received an email over the weekend from a team claiming to have
> manufactured a full SHA-1 collision in 269. From his statements,
> I (and others) assume that he has seen an advance copy of a paper
> or an outline of the process, and that there is no public release
> of the work yet, with no expected date.
>
> While this is fascinating and an advance on several fronts - collision
> through 80 rounds, in well under 280 (theoretical threshold) - I
> do not believe it affects the usefulness of SHA-1 as applied in
> our situation. There has always been a possibility of SHA-1 collisions,
> the probability of SHA-1 collisions has not, as far as I can see,
> been raised greatly. I do not know but I highly doubt that this new
> research could lead to a preimage attack.
>
> There are more SHA-1 related tracks at RSA today that I will be
> attending, and if any news comes out there, I will forward it on
> to you and the list.
>
> Doug
>
>
>>>>> This year, Eli Biham and Rafi
>>>>> Chen, and separately Antoine Joux, announced some pretty impressive
>>>>> cryptographic results against MD5 and SHA. Collisions have been
>>>>> demonstrated in SHA. And there are rumors, unconfirmed at this
>>>>> writing, of results against SHA-1.
>>>>>
>>>>> The magnitude of these results depends on who you are. If you're a
>>>>> cryptographer, this is a huge deal. ....
>>>>>
>>>>> To a user of cryptographic systems -- as I assume most readers are --
>>>>> this news is important, but not particularly worrisome. MD5 and SHA
>>>>> aren't suddenly insecure. No one is going to be breaking digital
>>>>> signatures or reading encrypted messages anytime soon with these
>>>>> techniques. The electronic world is no less secure after these
>>>>> announcements than it was before.
>>>>
>>>
>>
>
>
> Douglas White National Institute of Standards and Technology
> National Software Reference Library - http://www.nsrl.nist.gov
> NIST, 100 Bureau Drive Stop 8970, Gaithersburg, MD 20899-8970
> Voice: 301-975-4761 Fax: 301-926-3696 Email:dou...@ni...
> My opinions aren't necessarily my employer's nor any other
> organization's.
> "It would be better if it was perfect."