[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SHA-1 broken

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: SHA-1 broken
From: Tollef Fog Heen <tfheen@xxxxxx>
Date: Sat, 19 Feb 2005 14:22:12 +0100

* 

| Hey all,
| 
| > We abandon the requirement of collision resistance. This is a
| > strange requirement, and is not supported by experience. Collision
| > resistance
| 
| we might think of changing the requirement of collision resistance
| to "collision resistance in input data that is valid ASCII text". The
| attacks on MD5 used the weak avalanche of the highest-order bit
| in 32-bit words for producing the collision, basically precluding the
| possibility of generating colliding ASCII text.

That's not really useful is you want to sign something in non-English
languages.  Valid UTF8 might be a decent requirement, though.

-- 
Tollef Fog Heen                                                        ,''`.
UNIX is user friendly, it's just picky about who its friends are      : :' :
                                                                      `. `' 
                                                                        `-

Follow-Ups:
- Re: SHA-1 broken
  - From: Denis Jedig

References:
- SHA-1 broken
  - From: Gadi Evron
- Re: SHA-1 broken
  - From: Robert Sussland
- Re: SHA-1 broken
  - From: dullien

Prev by Date: Re: Phishing hole found in IE and OE
Next by Date: Thomson TCW690 POST Password Validation Vulnerability
Previous by thread: Re: SHA-1 broken
Next by thread: Re: SHA-1 broken
Index(es):
- Date
- Thread