[18211] in cryptography@c2.net mail archive
Re: faster SHA-1 attacks?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Aug 17 08:39:24 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com
In-Reply-To: Your message of "Wed, 17 Aug 2005 08:21:31 EDT."
<87d5ocsqic.fsf@snark.piermont.com>
Date: Wed, 17 Aug 2005 08:37:37 -0400
In message <87d5ocsqic.fsf@snark.piermont.com>, "Perry E. Metzger" writes:
>
>I was unable to watch webcast of the rump session at the Crypto
>conference last night, but I have heard that a proxy announced that
>Wang has an order 2^63 attack on SHA-1. Can anyone confirm that, and
>give details?
>
Shamir gave her rump session talk (and first gave a humorous
presentation on why she couldn't get a visa -- she admitted to
attacking U.S. government systems, and used collisions). She is indeed
claiming a 2^63 attack, and found a new path to use in the attack.
Because of the new path, there is reason to think the attack will get
even better. Shamir noted that 2^63 is within reach of a distributed
Internet effort to actually find one.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
