[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: schneier says sha-1 broken

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: schneier says sha-1 broken
From: Dries Schellekens <gwyllion_(_at_)_ulyssis_(_dot_)_org>
Date: Thu, 17 Feb 2005 17:37:12 +0100

Dries Schellekens wrote:

It turns out Schneier did not have access to the paper and misjudged the results.

"it seems that Schneier forgot to mention that the paper has a footnote which says that the attack on full SHA-1 only works if some padding (which SHA-1 requires) is not done." from: http://www.financialcryptography.com/mt/archives/000355.html

So SHA-1 is not broken at all, only reduced round versions and full SHA-1 without this padding. But these are important results that perhaps can be improved.

Actually this reminds me a lot of the Crypto-Gram in which Schneier claimed AES was (may have been) broken. Deja vu: http://www.schneier.com/crypto-gram-0209.html#1


Cheers,

Dries

References:
- schneier says sha-1 broken
  - From: -f
- Re: schneier says sha-1 broken
  - From: Dries Schellekens

Prev by Date: OpenBGPD, Cisco and md5 passwords
Next by Date: OpenBSD 3.6-stable mesh VPN success story
Previous by thread: Re: schneier says sha-1 broken
Next by thread: Re: schneier says sha-1 broken
Index(es):
- Date
- Thread

Visit your host, monkey.org