[15924] in cryptography@c2.net mail archive
SHA-1 rumors
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Mon Aug 16 15:45:34 2004
X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
Date: Mon, 16 Aug 2004 12:32:57 -0700
From: Eric Rescorla <ekr@rtfm.com>
Ed Felten's blog is carrying the rumor that a break in SHA-1
is going to be announced soon:
http://www.freedom-to-tinker.com/archives/000661.html
I've also done some off-the-cuff analysis of how bad this
would be in practice, which you can find here:
http://www.rtfm.com/movabletype/archives/2004_08.html#001051
The key question is whether it's just collisions, which would
be embarrassing, but which don't affect most applications, or
whether there is forward progress in finding preimages.
Anyone know anything about this rumor?
-Ekr
P.S. AFAIK, although Dobbertin was able to find preimages for
reduced MD4, there still isn't a complete break in MD4. Correct?
---------------------------------------------------------------------
The Cryptography Mailing List