Does shuffle() produce uniform result ?

Steven D'Aprano

OK. /dev/random vs /dev/urandom is a perennial topic in sci.crypt and
there are endless long threads about it there, so I tried to give you
the short version, but will give a somewhat longer version here.

Thank you. Your points are taken, in particular:
 
Lawrence D'Oliveiro

Any cryptographer worth his salt (pun intended) would be looking to close
that vulnerability BEFORE an attack is made public, and not just wait for
the attack to trickle down from the NSA to the script kiddies.

Except that the NSA's reputation has taken a dent since they failed to
anticipate the attacks on MD5 and SHA-1.
 
Paul Rubin

Lawrence D'Oliveiro said:
Except that the NSA's reputation has taken a dent since they failed to
anticipate the attacks on MD5 and SHA-1.

NSA had nothing to do with MD5, and it's to NSA's credit that SHA-1
held up for as long as it did.
 
Bryan Olson

Paul said:
NSA had nothing to do with MD5, and it's to NSA's credit that SHA-1
held up for as long as it did.

I haven't kept up. Has anyone exhibited a SHA-1 collision?
 
Lawrence D'Oliveiro

NSA had nothing to do with MD5 ...

Nevertheless, it was their job to anticipate attacks on it. After all, they
call themselves the "National _Security_ Agency", don't they?

... and it's to NSA's credit that SHA-1 held up for as long as it did.

But they have no convincing proposal for a successor. That means the gap
between the classified and non-classified state of the art has shrunk down
to insignificance.
 
Steven D'Aprano

Nevertheless, it was their job to anticipate attacks on it. After all,
they call themselves the "National _Security_ Agency", don't they?

The NSA has many jobs, and doing public research in crypto is only one of
them -- and a particularly small one at that. For all we know, they had
an attack on MD5 ten years before anyone else and didn't tell anyone
because keeping it secret made it useful for one of their other jobs.

But they have no convincing proposal for a successor. That means the gap
between the classified and non-classified state of the art has shrunk
down to insignificance.

I don't see how that follows. But even if it does... maybe it's because
there is nowhere to go from here? You can't make mathematical
breakthroughs to order.
 
Paul Rubin

Bryan Olson said:
I haven't kept up. Has anyone exhibited a SHA-1 collision?

I don't think anyone has shown an actual collision, but apparently
there is now a known way to find them in around 2**63 operations. I
don't know if it parallelizes as well as a brute force attack does.
If it does, then it's presumably within reach of the distributed
attacks like the ones used against DES in the late 1990's, given the
hardware speedups that have occurred since then. NIST is trying to
phase out SHA-1 by 2010.

http://en.wikipedia.org/wiki/SHA1#Cryptanalysis_of_SHA-1
http://csrc.nist.gov/hash_standards_comments.pdf
 
Paul Rubin

Lawrence D'Oliveiro said:
But they have no convincing proposal for a successor. That means the gap
between the classified and non-classified state of the art has shrunk down
to insignificance.

The successor is SHA-2.
 
Paul Rubin

Lawrence D'Oliveiro said:
According to this <http://en.wikipedia.org/wiki/SHA-1>, the family of
algorithms collectively described as "SHA-2" is by no means a definitive
successor to SHA-1.

See <http://csrc.nist.gov/hash_standards_comments.pdf>:

However, due to advances in technology, NIST plans to phase out of
SHA-1 in favor of the larger and stronger hash functions (SHA-224,
SHA-256, SHA-384 and SHA-512) by 2010. SHA-1 and the larger hash
functions are specified in FIPS 180-2. For planning purposes by
Federal agencies and others, note also that the use of other
cryptographic algorithms of similar strength to SHA-1 will also be
phased out in 2010. SHA-1 and the stronger hash functions in FIPS
180-2 are all NIST approved.

This may also be of interest:

http://www.csrc.nist.gov/pki/HashWorkshop/index.html
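As an added example (not code from Paul Rubin, NIST or anyone else in the thread), the following Python puts numbers on the quoted NIST guidance: it reads the digest lengths of SHA-1 and the four SHA-2 members straight from hashlib, derives the generic birthday collision bound 2**(n/2) for each, compares SHA-1's bound with the roughly 2**63 attack cost cited earlier in the thread, and wraps that in a small migration helper that refuses SHA-1 and picks a SHA-2 replacement. The 128-bit minimum collision bound used as the replacement threshold is an assumed policy value, not something NIST's text states.

```python
import hashlib

# Names as hashlib exposes them. SHA1_ATTACK_LOG2 is the ~2**63 figure
# quoted in the thread, embedded here as a constructed constant.
SHA1_NAME = "sha1"
SHA2_NAMES = ("sha224", "sha256", "sha384", "sha512")
SHA1_ATTACK_LOG2 = 63


def digest_bits(name):
    """Digest length in bits, read from hashlib's own constructor."""
    return getattr(hashlib, name)().digest_size * 8


def generic_collision_log2(name):
    """log2 of the generic birthday-bound collision cost, 2**(n/2)."""
    return digest_bits(name) // 2


def sha1_margin_lost_bits():
    """Bits of collision security the cited attack takes off SHA-1's
    generic 2**80 bound (80 - 63)."""
    return generic_collision_log2(SHA1_NAME) - SHA1_ATTACK_LOG2


def recommended_replacement(name, min_collision_log2=128):
    """Return a SHA-2 member for a SHA-1 use; leave other names alone.

    Policy (assumed, not NIST's): pick the smallest SHA-2 digest from the
    quoted list whose generic collision bound is at least min_collision_log2.
    """
    if name != SHA1_NAME:
        return name
    for candidate in SHA2_NAMES:
        if generic_collision_log2(candidate) >= min_collision_log2:
            return candidate
    return SHA2_NAMES[-1]


def hash_with(name, data):
    """Hex digest of data, refusing SHA-1 and pointing at the replacement."""
    if name == SHA1_NAME:
        raise ValueError(
            "sha1 is being phased out; use %s" % recommended_replacement(name)
        )
    return getattr(hashlib, name)(data).hexdigest()


def migration_report():
    """(name, digest bits, generic collision log2) for SHA-1 and SHA-2."""
    return [
        (name, digest_bits(name), generic_collision_log2(name))
        for name in (SHA1_NAME,) + SHA2_NAMES
    ]


if __name__ == "__main__":
    for name, bits, work in migration_report():
        print("%-7s %3d-bit digest, generic collision ~2**%d" % (name, bits, work))
    print("cited SHA-1 attack 2**%d undercuts the bound by %d bits"
          % (SHA1_ATTACK_LOG2, sha1_margin_lost_bits()))
    print("sha1 ->", recommended_replacement(SHA1_NAME))
```

Running the script lists each algorithm's digest size and generic collision bound, then shows that the cited 2**63 attack sits 17 bits below SHA-1's 2**80 birthday bound, which is why a 160-bit digest is no longer treated as delivering 80 bits of collision resistance.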
 
Lawrence D'Oliveiro

The NSA has many jobs, and doing public research in crypto is only one of
them -- and a particularly small one at that. For all we know, they had
an attack on MD5 ten years before anyone else and didn't tell anyone
because keeping it secret made it useful for one of their other jobs.

Yes, but they're supposed to look after US _National_ security, not their
own security. Since people in strategic jobs make so much use of hash
functions in crypto, that means it is most certainly an important part of
the NSA's function to ensure that there are good hash functions available.
They've fallen down on that job.

I don't see how that follows.

Because previously, the NSA has done things that it took open researchers
years, even decades, to figure out. But not any more.
 