[sleuthkit-users] Words of wisdom on recent SHA collisions
From: Gary P. <pa...@mi...> - 2005-02-17 15:13:03
Hi,

Just received this from Doug White (NIST) who is attending RSA. He and his colleagues have some thoughtful statements about the state of SHA both theoretically and in practice.

ciao,
Gary

********************

Gary,

I'm replying to you, and, as I can't post to CFID, if you wish to forward this, you may.

Let me first say I am not in the Computer Security Division at NIST, and my opinions do not represent NIST's official response to this SHA-1 collision news.

At RSA on Tuesday morning, Shamir made the statement that he had received an email over the weekend from a team claiming to have manufactured a full SHA-1 collision in 2^69. From his statements, I (and others) assume that he has seen an advance copy of a paper or an outline of the process, and that there is no public release of the work yet, with no expected date.

While this is fascinating and an advance on several fronts - collision through 80 rounds, in well under 2^80 (theoretical threshold) - I do not believe it affects the usefulness of SHA-1 as applied in our situation. There has always been a possibility of SHA-1 collisions; the probability of SHA-1 collisions has not, as far as I can see, been raised greatly. I do not know but I highly doubt that this new research could lead to a preimage attack.

There are more SHA-1 related tracks at RSA today that I will be attending, and if any news comes out there, I will forward it on to you and the list.

Doug

>>>> This year, Eli Biham and Rafi
>>>> Chen, and separately Antoine Joux, announced some pretty impressive
>>>> cryptographic results against MD5 and SHA. Collisions have been
>>>> demonstrated in SHA. And there are rumors, unconfirmed at this
>>>> writing, of results against SHA-1.
>>>>
>>>> The magnitude of these results depends on who you are. If you're a
>>>> cryptographer, this is a huge deal. ....
>>>>
>>>> To a user of cryptographic systems -- as I assume most readers are --
>>>> this news is important, but not particularly worrisome. MD5 and SHA
>>>> aren't suddenly insecure. No one is going to be breaking digital
>>>> signatures or reading encrypted messages anytime soon with these
>>>> techniques. The electronic world is no less secure after these
>>>> announcements than it was before.
>>
>>

Douglas White
National Institute of Standards and Technology
National Software Reference Library - http://www.nsrl.nist.gov
NIST, 100 Bureau Drive Stop 8970, Gaithersburg, MD 20899-8970
Voice: 301-975-4761 Fax: 301-926-3696
Email:dou...@ni...
My opinions aren't necessarily my employer's nor any other organization's.
"It would be better if it was perfect."