[p2p-hackers] SHA1 broken?

Paul Campbell paul at ref.nmedia.net
Wed Feb 16 13:15:36 UTC 2005


On Tue, Feb 15, 2005 at 09:41:05PM -0800, Gordon Mohr (@ Bitzi) wrote:
> Via Slashdot, as reported by Bruce Schneier:
> 
>     http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
> 
> Schneier writes:
> 
> #   SHA-1 Broken

I saw this a few months ago. It's not just SHA-1. All ciphers based on the
MD-5 S-box design are apparently vulnerable. At this point, it appears that
there are two options for the future:

1. Go to something with a larger internal state (256-bit state), and that is
NOT just an extended version of the original (as the extended SHA standards
attempt to do).

2. Go to a completely different type of cipher. The choices right now are
either digital signatures via elliptic curves, or else using one of the
stream cipher designs. Since neither one is really optimized for hashing-type
operations, they are essentially no-gos for most P2P uses (e.g. DHTs). When
I say "optimized", by that I mean very SLOW by the way.



