| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 20 Feb 2005 11:35:59 -0600 (CST) From: Damian Menscher <menscher@...c.edu> To: securityfocus@...rotechnical.co.uk Cc: bugtraq@...urityfocus.com Subject: Re: SHA-1 broken On Sat, 19 Feb 2005 securityfocus@...rotechnical.co.uk wrote: > > In much the same way if the original text was 'I owe you 1 million > dollars' and the collision text was 'sdf86*&6989h,mni lkj99j' its not > significant. Hey, Nick. I want to confirm that I've installed GPG correctly. Would you mind signing some random text, say, "sdf86*&6989h,mni lkj99j", so I can test it? I'll admit I agree with your point, though. The demonstrated collisions in MD5 (none have been demonstrated in SHA-1 yet) varied four high-order bits. So it'd be fairly unrealistic (in the real world) to generate a useful collision. Here I define "useful" to mean at least one side has to be intelligible (as opposed to your definition of having both sides be intelligible). Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <menscher@...c.edu> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=-
Powered by blists - more mailing lists