[p2p-hackers] SHA1 broken?
Jeff Hoye
jeffh at cs.rice.edu
Wed Feb 16 06:51:45 UTC 2005
Let's wait for a real report. But it's cool if it's true.
-Jeff
Gordon Mohr (@ Bitzi) wrote:
> Via Slashdot, as reported by Bruce Schneier:
>
> http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
>
> Schneier writes:
>
> # SHA-1 Broken
> #
> # SHA-1 has been broken. Not a reduced-round version. Not a
> # simplified version. The real thing.
> #
> # The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu
> # (mostly from Shandong University in China) have been quietly
> # circulating a paper announcing their results:
> #
> # * collisions in the the full SHA-1 in 2**69 hash operations,
> # much less than the brute-force attack of 2**80 operations
> # based on the hash length.
> #
> # * collisions in SHA-0 in 2**39 operations.
> #
> # * collisions in 58-round SHA-1 in 2**33 operations.
> #
> # This attack builds on previous attacks on SHA-0 and SHA-1, and
> # is a major, major cryptanalytic result. It pretty much puts a
> # bullet into SHA-1 as a hash function for digital signatures
> # (although it doesn't affect applications such as HMAC where
> # collisions aren't important).
> #
> # The paper isn't generally available yet. At this point I can't
> # tell if the attack is real, but the paper looks good and this
> # is a reputable research team.
> #
> # More details when I have them.
>
> - Gordon @ Bitzi
> _______________________________________________
> p2p-hackers mailing list
> p2p-hackers at zgp.org
> http://zgp.org/mailman/listinfo/p2p-hackers
> _______________________________________________
> Here is a web page listing P2P Conferences:
> http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
More information about the P2p-hackers
mailing list