Posted by Jerry Stuckle on 09/06/05 04:17
Erwin Moller wrote:
> Jerry Stuckle wrote:
> >
>
>>That this can be accomplished by "changing a few bits" doesn't surprise
>>me, either. But finding the right bits to change would be very
>>difficult. There would be 1024! (1024 factorial - 1024 x 1023 x 1022 x
>>...) possible combinations. And yes, there would probably be more than
>>one which gave that same hash value.
>
>
> And here you missed the important point (I think):
> You do NOT need to try brute-force all possible combinations.
> The new MD5-cracking algorithm can do that smarter/quicker/better-guessing.
> (I am not sure since they didn't publish their results yet AFAIK)
>
No, I didn't say you had to brute force all possible combinations. But
- there are any number of algorithms for various things which work for a
limited subset of the possibilities - but fail when applied to the
larger set.
But since they haven't published their results, we really don't know, do
we? To me it's suspicious. If it did apply to everything, I would
think they would want to publish it for peer review - and recognition,
if it does pass the peer review. After all - there would be some fame
to the first people to crack it.
>
>>Now - you might be able to analyze the algorithm to limit the
>>possibilities - I haven't tried, so I don't know.
>
>
> And that is exactly what happened.
>
Are you sure? After all - they didn't publish their work.
>
>>But that might help
>>in certain circumstances.
>
>
> It did for Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu: the Chinese
> researchers. :-)
>
So, why haven't they published it?
>
>>Virtually any hash or encryption method can be broken for specific
>>examples.
>>That doesn't mean it isn't secure for general use. Only in
>>those specific examples.
>
>
> True.
> But we just do not know how many SHA-1 hashes are prone to collision-finding
> algorithms.
> A good algorithm will let the Bad Guys only break it brute force, hence
> forcing them to try random input strings for a zillion years.
>
Sure we do. Every single one of them. Since there are 160 bits, the
average chance of duplication is 1 in 2^160.
> From Schneier's weblog:
>
> <quote>
> Jon Callas, PGP's CTO, put it best: "It's time to walk, but not run, to the
> fire exits. You don't see smoke, but the fire alarms have gone off." That's
> basically what I said last August.
>
> It's time for us all to migrate away from SHA-1.
>
> Luckily, there are alternatives. The National Institute of Standards and
> Technology already has standards for longer -- and harder to break -- hash
> functions: SHA-224, SHA-256, SHA-384, and SHA-512. They're already
> government standards, and can already be used. This is a good stopgap, but
> I'd like to see more.
> </quote>
>
>
Yep. I'm not saying we shouldn't migrate away from SHA-1. However, I
would like to see the details.
>
> For clarity's sake: I do not claim to be an encryption-expert. You might
> very well know a lot more than me.
> I am just restating what Schneier and Slashdot wrote.
> The math behind it all is way over my head.
>
I'm not an encryption expert, but I do have some math background. Been
a few years, though :-).
> Some links:
> http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
>
> or this newer and much more informative article:
>
> http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
>
> Regards,
> Erwin Moller
I still want to see the results of peer reviews.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
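The thread turns on two numbers: the size of the digest space and the cost of finding a collision in it. The following is an added Python example, not part of either poster's message, that checks the digest sizes of the hash functions named in the Schneier quote against hashlib and works out the generic attack costs for an ideal n-bit hash: matching one given digest takes about 2^n evaluations, but finding any two inputs that share a digest takes only about 2^(n/2) evaluations because of the birthday paradox (a cryptanalytic collision attack of the kind the thread discusses is one that beats that second figure). To make the birthday effect visible, the last function runs a collision search against SHA-256 truncated to a small number of bits; the truncation, the seed parameter and the `msg-<seed>-<n>` inputs are my own constructions for the demonstration.

```python
import hashlib
import math

# Digest sizes of the hash functions named in the thread (bits).
HASH_BITS = {"sha1": 160, "sha224": 224, "sha256": 256, "sha384": 384, "sha512": 512}


def digest_bits(name):
    """Digest length in bits as reported by hashlib, so the table above can be
    checked against the library rather than taken on trust."""
    return hashlib.new(name).digest_size * 8


def generic_attack_costs(bits):
    """Work factors (as log2 of hash evaluations) against an ideal n-bit hash
    when no structural weakness is known: matching one given digest costs about
    2^n, but finding *any* two inputs with the same digest costs only about
    2^(n/2) because of the birthday paradox."""
    return bits, bits / 2


def expected_trials_for_collision(bits):
    """Expected number of random inputs hashed before two of them collide,
    sqrt(pi/2 * 2^n): the birthday-paradox estimate behind the 2^(n/2) rule."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def truncated_digest(msg, bits):
    """SHA-256 of msg, keeping only its top `bits` bits. Truncation is used
    here only so the collision search below finishes in well under a second."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def find_collision_truncated(bits, seed=0):
    """Birthday search: hash distinct constructed messages until two of them
    share a truncated digest. Returns (msg_a, msg_b, trials). The seed only
    changes which constructed messages are tried."""
    seen = {}
    trials = 0
    while True:
        msg = f"msg-{seed}-{trials}".encode()  # constructed input, not real data
        trials += 1
        tag = truncated_digest(msg, bits)
        if tag in seen:
            return seen[tag], msg, trials
        seen[tag] = msg


if __name__ == "__main__":
    for name, bits in HASH_BITS.items():
        preimage, collision = generic_attack_costs(bits)
        print(f"{name:7s} {digest_bits(name):3d} bits  brute-force match ~2^{preimage}  "
              f"generic collision ~2^{collision:.0f}")
    a, b, n = find_collision_truncated(20)
    print(f"20-bit truncation: collision after {n} trials "
          f"(expected about {expected_trials_for_collision(20):.0f})")
    print(a, b, truncated_digest(a, 20) == truncated_digest(b, 20))
```

Running the script prints one row per hash function and then a pair of distinct constructed messages whose 20-bit truncated digests agree, found after roughly sqrt(pi/2 * 2^20), about 1300, trials rather than anything near 2^20. Scaled up, the same arithmetic gives about 2^80 evaluations for a generic SHA-1 collision and 2^128 for SHA-256, which is the margin the longer digests in the quote buy independently of any specific cryptanalytic result.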