[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: schneier says sha-1 broken

Dries Schellekens wrote:

It turns out Schneier did not have access to the paper and misjudged the results.

"it seems that Schneier forgot to mention that the paper has a footnote which says that the attack on full SHA-1 only works if some padding (which SHA-1 requires) is not done."
from: http://www.financialcryptography.com/mt/archives/000355.html

So SHA-1 is not broken at all, only reduced round versions and full SHA-1 without this padding. But these are important results that perhaps can be improved.

Actually this reminds me a lot of the Crypto-Gram in which Schneier claimed AES was (may have been) broken. Deja vu: