At 02:55 PM 2/18/2005 +0100, Dr. Stephen Henson writeth: >On Fri, Feb 18, 2005, Przemek Michalski wrote: > >> Hi there, >> >> Anyone heard the recent news on breaking the SHA-1 hashing algorithm? >> >> I guess this is not yet official and God only knows if it is true, however what impact >> would this fact have on the SHA-1/RSA digital certificate signature technology in overall >> look. >> >> Any comments? >> >> You may view the following link to read more about this issue: >> http://www.schneier.com/blog/archives/2005/02/sha1_broken.html >> > >Based on current info (which may well change!) I'd agree with various other >commentators that this is more a "wake up call" than a major disaster.
Historically, when collisions have been found, other future optimizations are found that break the algorithm further. MD5 was already considered cryptographically weak when it was "broken" back in mid-August 2004 and 40 of 80 rounds of SHA-1 were busted at that time too (cryptanalysts were the only ones disappointed - some thought it was a full break and was only a partial break - the rest of us lazy bums sighed a bit of relief because, well, we didn't want to think about a complete SHA-1 break). Even if SHA-1 is ever completely broken to bring it to the status of a very weak hash (e.g. takes a minute or two to break), there are plenty of other hash algorithms to look into using (including the SHA-2 series)...although no one has really been doing serious R&D on public hash algorithms since 1999. The ideology was that there was no need to because MD5 and SHA-1 seemed to be doing a fine job. Thomas J. Hruska [EMAIL PROTECTED] Shining Light Productions Home of the Nuclear Vision scripting language and ProtoNova web server. http://www.slproweb.com/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
