Posted by Richard Lynch on 10/02/70 11:08
Burhan Khalid wrote:
> David Norman wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I thought some other people would be interested in the other hashes
>> that you can do with mhash that aren't on the php.net docs after the
>> recent news that SHA-1 might be weaker than previously thought:
>>
>> http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
Before we get a hundred posts about SHA-1 being "broken" would eveyrbody
please read:
http://nuglops.com/blog/index.php?p=1021
and maybe *ALL* the contributions way down at the bottom of the original
post link?
You're still looking at thousands of years or millions of dollars to break
SHA-1 if you want to start TODAY.
The wise reader will put "Upgrade to SHA-256" on their "ToDo" list and go
back to work now. :-)
Though I did find the post to add meta-data such as the character
distribution to the hash interesting...
The odds on a SHA-1 being the same for two plain-texts *AND* having the
same number of E's in the plain-texts? Really really really low, seems to
me.
--
Like Music?
http://l-i-e.com/artists.htm
[Back to original message]
|