Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Bruce Schneier reports SHA-1 Broken

from [Valdis . Kletnieks] Network Security [Permanent Link]
Subject: Re: Bruce Schneier reports SHA-1 Broken
Date: Wed, 16 Feb 2005 12:55:43 -0500 
On Wed, 16 Feb 2005 08:11:39 EST, David Baker said:

This is a follow up on the issue with hashing, which was brought up before wi

th 

SHA-0 and MD4/5.  The paper describing the problem has apparently not been 
released yet, but Bruce posted some info here:

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

I see nothing there that poses a "real" use scenario where it would be of 
significant concern, but this certainly adds impetus to the NIST move to 
SHA-256.


Before I went out migrating to SHA-256, I'd wait for the rubble to stop 
bouncing.

Remember that SHA-256, -384, and -512 are structurally quite similar to SHA-1, 
and
it's *NOT* a proven that the supposed attack on -1 doesn't also break (or at 
least
severely weaken) them as well.

On the other hand, when the crypto community has had a chance to read the paper 
and
if there's agreement that the attack *doesn't* also break -256, it would be a 
good
idea to start migrating....

Attachment: pgpLSHfT69quZ.pgp
Description: PGP signature

[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SHA1 showing it's age, Matthew Pepe
Next by Date:  Re: SHA1 showing it's age, Tim
Previous by Thread:  Bruce Schneier reports SHA-1 Broken, David Baker
Next by Thread:  Words of wisdom on recent SHA collisions, Gary Palmer
Indexes:  [Date] [Thread] [Top] [All Lists]