[144383] in cryptography@c2.net mail archive


Re: SHA-1 collisions now at 2^{52}?

daemon@ATHENA.MIT.EDU (Greg Rose)
Thu Apr 30 23:11:05 2009

Cc: Greg Rose <ggr@qualcomm.com>,
        "cryptography@metzdowd.com" <cryptography@metzdowd.com>
From: Greg Rose <ggr@qualcomm.com>
To: "Perry E. Metzger" <perry@piermont.com>
In-Reply-To: <87zldxiur5.fsf@snark.cb.piermont.com>
Date: Thu, 30 Apr 2009 19:54:43 -0700


On 2009 Apr 30, at 4:31 , Perry E. Metzger wrote:

>
> Eric Rescorla <ekr@networkresonance.com> writes:
>> McDonald, Hawkes and Pieprzyk claim that they have reduced the collision
>> strength of SHA-1 to 2^{52}.
>>
>> Slides here:
>> http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
>>
>> Thanks to Paul Hoffman for pointing me to this.
>
> This is a very important result. The need to transition from SHA-1 is no
> longer theoretical.

It already wasn't theoretical... if you know what I mean. The writing  
has been on the wall since Wang's attacks four years ago.

BTW, it is my (our) opinion that the current attacks can't be extended  
to the SHA-2 family, due to the avalanche effect in the data  
expansion, which is significantly different to the designs of its  
ancestors. SHA-2 would need a new breakthrough.

Greg.



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
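
Added example, not part of the original message: the structural difference in message expansion mentioned above, measured by flipping one input bit and counting the differing bits in each expanded word. The two schedules follow FIPS 180-4; the sample blocks ZERO and CARRY are constructed for the illustration.

```python
# Message-expansion diffusion: SHA-1 (XOR + rotate) vs SHA-256 (sigma + add).
M = 0xFFFFFFFF

def rotl(x, n): return ((x << n) | (x >> (32 - n))) & M
def rotr(x, n): return rotl(x, 32 - n)

def sha1_schedule(block):
    """Expand 16 words to 80. Only XOR and a 1-bit rotate: linear over GF(2)."""
    w = list(block)
    for t in range(16, 80):
        w.append(rotl(w[t-3] ^ w[t-8] ^ w[t-14] ^ w[t-16], 1))
    return w

def sha256_schedule(block):
    """Expand 16 words to 64. Sigma functions plus addition mod 2^32."""
    w = list(block)
    for t in range(16, 64):
        x, y = w[t-15], w[t-2]
        s0 = rotr(x, 7) ^ rotr(x, 18) ^ (x >> 3)
        s1 = rotr(y, 17) ^ rotr(y, 19) ^ (y >> 10)
        w.append((s1 + w[t-7] + s0 + w[t-16]) & M)
    return w

def diff_weights(schedule, block, word=0, bit=0):
    """Per expanded word: Hamming weight of the XOR difference caused by
    flipping one bit of the 16-word input block."""
    flipped = list(block)
    flipped[word] ^= 1 << bit
    a, b = schedule(block), schedule(flipped)
    return [bin(x ^ y).count("1") for x, y in zip(a[16:], b[16:])]

ZERO = [0] * 16                          # constructed sample block
CARRY = [1] + [0] * 8 + [1] + [0] * 6    # constructed: W0 = W9 = 1 forces a carry

if __name__ == "__main__":
    for name, sched in (("SHA-1", sha1_schedule), ("SHA-256", sha256_schedule)):
        for label, blk in (("zero", ZERO), ("carry", CARRY)):
            d = diff_weights(sched, blk)
            print(f"{name:8} {label:6} total={sum(d):4} per-word={d}")
```

The SHA-1 difference pattern is the same for every message because its expansion is linear; the SHA-256 pattern changes with the message because carries in the modular additions depend on the data.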
