Paul Rubin <http://[EMAIL PROTECTED]> wrote:
>
> FYI.
>
> From <http://www.schneier.com/blog/archives/2005/02/sha1_broken.html>:
>
> The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu
> (mostly from Shandong University in China) have been quietly
> circulating a paper announcing their results:
>
> * collisions in the full SHA-1 in 2**69 hash operations, much
>   less than the brute-force attack of 2**80 operations based on
>   the hash length.
>
> * collisions in SHA-0 in 2**39 operations.
>
> * collisions in 58-round SHA-1 in 2**33 operations.
> ...
>
> This is the same group that broke MD5 a few months ago and so this is
> probably real. It doesn't immediately turn everyone's applications
> insecure (2**69 operations is still more than the 2**64 operations
> that it takes to break MD5 by brute force) and if it's like the MD5
> result, finds only free rather than targeted collisions. So don't
> panic.

Also, the new findings only apply to hash collisions, not to the invertibility of SHA1 hashes - thus, as Schneier points out, uses of keyed hashes (such as HMAC) are not compromised by this.

Tim C
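
A toy illustration of the collision-versus-keyed-hash distinction discussed in this thread, added here and not part of the original messages: it truncates SHA-1 to an assumed 32 bits so a birthday search finds a free collision in roughly 2**16 hashes, then checks the same pair under HMAC-SHA1 with a constructed key. The function names, the `BITS` width and the key are assumptions made for the example; it shows why an offline collision does not carry over to a keyed tag and is not a proof of HMAC's security.

```python
import hashlib
import hmac

BITS = 32  # toy digest width (assumption); real SHA-1 is 160 bits


def trunc_sha1(msg: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of SHA-1(msg), standing in for a short hash."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") >> (160 - bits)


def trunc_hmac(key: bytes, msg: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of HMAC-SHA1(key, msg)."""
    tag = hmac.new(key, msg, hashlib.sha1).digest()
    return int.from_bytes(tag, "big") >> (160 - bits)


def find_free_collision(bits: int = BITS):
    """Birthday search: hash distinct messages until two digests match.

    Returns (m1, m2, attempts). The pair is "free": whichever two
    messages happen to collide, not a collision with a chosen target.
    Expected work is about 2**(bits/2), the same bound that gives
    2**80 for the full 160-bit SHA-1.
    """
    seen = {}
    counter = 0
    while True:
        msg = b"msg-%d" % counter
        counter += 1
        digest = trunc_sha1(msg, bits)
        if digest in seen:
            return seen[digest], msg, counter
        seen[digest] = msg


if __name__ == "__main__":
    m1, m2, attempts = find_free_collision()
    # Constructed sample secret; the collision search never sees it.
    key = b"constructed-demo-key"
    print("collision after", attempts, "hashes; 2**16 =", 2 ** 16)
    print("plain:", hex(trunc_sha1(m1)), hex(trunc_sha1(m2)))
    print("keyed:", hex(trunc_hmac(key, m1)), hex(trunc_hmac(key, m2)))
```
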