[17013] in cryptography@c2.net mail archive
Re: [IP] One cryptographer's perspective on the SHA-1 result
daemon@ATHENA.MIT.EDU (James A. Donald)
Sat Mar 5 10:43:52 2005
X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
Date: Fri, 04 Mar 2005 14:23:16 -0800
In-reply-to: <20050224023725.BEA633C00AA@berkshire.machshav.com>
--
On 23 Feb 2005 at 21:37, Steven M. Bellovin wrote:
> I don't know if there's quite the need for open process for a
> hash function as there was for a secrecy algorithm. The AES
> process, after all, had to cope with the legacy of Clipper
> and key escrow, to say nothing of the 25 years of DES
> paranoia that was only laid to rest by the reinvention of
> differential cryptanalysis. (The Deep Crack machine only
> confirmed another part of the paranoia, of course, but the
> essential parameter it exploited -- key size -- was both
> obviously insufficient in 1979 and obviously sufficient from
> the requirements of the AES competition.) It is clear, as
> Burt said, that we need a large-scale effort to produce new
> and better hash functions. To try to repair the MD*/SHA*
> family is to risk the cry of "epicycles".
The attacks on MD*/SHA* are weak and esoteric. It is not so
fundamentally broken as to justify starting over.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
QVYtFQAELN4YlZ9xB60CvXTqW8QT8rOABMbJrPXE
4hz2qo1jnDwc3tmFFeyh6lG9sOrXL1783FYSh2s+v
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com