[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: schneier says sha-1 broken



Dries Schellekens wrote:

It turns out Schneier did not have access to the paper and misjudged the results.

"it seems that Schneier forgot to mention that the paper has a footnote which says that the attack on full SHA-1 only works if some padding (which SHA-1 requires) is not done."
from: http://www.financialcryptography.com/mt/archives/000355.html


So SHA-1 is not broken at all, only reduced round versions and full SHA-1 without this padding. But these are important results that perhaps can be improved.

Actually this reminds me a lot of the Crypto-Gram in which Schneier claimed AES was (may have been) broken. Deja vu:
http://www.schneier.com/crypto-gram-0209.html#1



Cheers,

Dries