[Fenfire-dev] Fwd: [p2p-hackers] SHA1 broken?

[Benja Fallenstein]

---------- Forwarded message ----------
From: Gordon Mohr (@ Bitzi) <address@hidden>
Date: Tue, 15 Feb 2005 21:41:05 -0800
Subject: [p2p-hackers] SHA1 broken?
To: p2p-hackers <address@hidden>


Via Slashdot, as reported by Bruce Schneier:

    http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

Schneier writes:

#   SHA-1 Broken
#
# SHA-1 has been broken. Not a reduced-round version. Not a
# simplified version. The real thing.
#
# The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu
# (mostly from Shandong University in China) have been quietly
# circulating a paper announcing their results:
#
#   * collisions in the the full SHA-1 in 2**69 hash operations,
#     much less than the brute-force attack of 2**80 operations
#     based on the hash length.
#
#   * collisions in SHA-0 in 2**39 operations.
#
#   * collisions in 58-round SHA-1 in 2**33 operations.
#
# This attack builds on previous attacks on SHA-0 and SHA-1, and
# is a major, major cryptanalytic result. It pretty much puts a
# bullet into SHA-1 as a hash function for digital signatures
# (although it doesn't affect applications such as HMAC where
# collisions aren't important).
#
# The paper isn't generally available yet. At this point I can't
# tell if the attack is real, but the paper looks good and this
# is a reputable research team.
#
# More details when I have them.

- Gordon @ Bitzi
_______________________________________________
p2p-hackers mailing list
address@hidden
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences