Anonymous Servers - PGP 6.5.8ckt 08 setup question please

newanonuser

2005-05-01, 5:48 pm

Hello,

I just installed 6.5.8ckt 08 and I love the robustness of the program.
I do have a few questions regarding the configuration settings if you
don't mind.

I use QS/Stunnel/Tor for email/usenet

I am not sure what options to choose in 6.5.8ckt; here is where I am
not sure:

Options > General >:
Append Key ID to comment block
Append key fingerprint to comment block

Options > Email >:
VBS Preferences (VBS Options & Custom VBS)
Version String Preference

Options > Advanced >:
Symmetric Algorithm Pref (my list: Blowfish>3DES>AES256>TwoFish>etc)
Preferred Hashing Algorithm (I think RIPEMD160 is the Hash algo to use)
Trust Model
Key Properties Display Preference
Export Format

Thanks for any help !!

BiKiKii Admin

2005-05-01, 5:48 pm

-----BEGIN PGP SIGNED MESSAGE-----

On 28 Apr 2005, newanonuser wrote:
>Hello,
>
>I just installed 6.5.8ckt 08 and I love the robustness of the program.
>I do have a few questions regarding the configuration settings if you
>don't mind.
>
>I use QS/Stunnel/Tor for email/usenet
>


I do not use QS so it may "step in between"...


>I am not sure what options to choose in 6.5.8ckt; here is where I am not sure:
>
>Options > General >:
>Append Key ID to comment block
>Append key fingerprint to comment block
>


No to both or blank or whatever.


>Options > Email >:
>VBS Preferences (VBS Options & Custom VBS)
>



Does not matter as is only used when YOU validate a message.


>Version String Preference
>


"N/A" is a good one to use.

>Options > Advanced >:
>Symmetric Algorithm Pref (my list: Blowfish>3DES>AES256>TwoFish>etc)
>


Ensure you have IDEA if employing RSA NYM Keys.


>Preferred Hashing Algorithm (I think RIPEMD160 is the Hash algo to use)
>


RSA NYM keys require MD5

So RSAv3 needs MD5

Others are up to you

SHA1 is still OK - despite recent FUD


>Trust Model
>


Not so important.

Display... and Treat... are for your display in PGPKeys.


minimum...

Warn when encrypt to ADK

>Key Properties Display Preference
>


Not so important - maybe.

Select Long, Long

>Export Format
>


Again perhaps not so important - select compatible.


Ciao!

BiKiKii

-----BEGIN PGP SIGNATURE-----
Version: N/A

iQEVAwUBQnHUt/Rwi/QFFzi5AQE+Jwf+M2A/bOimy8MaGVFscShbtBcH7hZKidfg
Raf3NzToA1TdR9PPPHd7x9PcAfradkiZ+ZRCTxKw/9hbS3ECTDZpCH9GcXcKtbDx
b2/XiudYD5bmTYe9R+n2jupKTuIz26vB+hRCMtvvtnAHL3XSpOu6FzFPTkFnBHee
4jz0S2n9hH3AtvkXU0LjKtwPqlSDie53iV4KTI7hfHiAVPgaMSNqyBHXnc8fUZtt
iS73eN/fLBHVFURUe6IHIv6sKulOJlbQL6Ko42mWp8W/XGz5aj7NeJ0RVnTDRRtO
/lJOM6cbpLAhRTM8TyP7YMxk4TlbgWSr6ekEceAwHvV7rLTR1BFCSg==
=HrcL
-----END PGP SIGNATURE-----
herehere@aussiemail.com.au

2005-05-01, 5:48 pm

BiKiKii Admin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On 28 Apr 2005, newanonuser wrote:
>
>
>
> Ensure you have IDEA if employing RSA NYM Keys.


I am using DSS NYM keys; what Algorithms should I use?

>
>
>
> RSA NYM keys require MD5
>
> So RSAv3 needs MD5


I am using DSS NYM keys; what Hashing Algorithm should I use?

>
> Others are up to you
>
> SHA1 is still OK - despite recent FUD


Are there any issues with using DSS keys? I use DSS Nymservers and
remailers in my reply-block and headers.


Thanks very much; this info is great

Thomas J. Boschloo

2005-05-01, 5:48 pm

-----BEGIN PGP SIGNED MESSAGE-----

BiKiKii Admin wrote:

<snip>

>
>
> RSA NYM keys require MD5
>
> So RSAv3 needs MD5
>
> Others are up to you
>
> SHA1 is still OK - despite recent FUD


They found an attack in 2^69 rounds instead of the full 2^80 which is to
be expected in SHA-1, didn't they?

Bruce Schneier says in <http://www.schneier.com/crypto-gram-0503.html>:
"They can find collisions in SHA-1 in 2^69 calculations, about 2,000
times faster than brute force. Right now, that is just on the far edge
of feasibility with current technology. Two comparable massive
computations illustrate that point."

It is a serious break of SHA-1 but it will still take about 2^160
operations to find a collision with a specific plain text (e.g.
something you sign with a DH/DSS key). Maybe due to the reduced strength
of SHA-1 they can be found (a little) faster now.

About MD5, I keep hearing from folks that it shouldn't really be used
anymore.. Still, since the keysize of MD5 is only 128 it would be
possible to find collisions in only 2^64 even if it were at full
strength! (which it is not AFAIK).

Thomas
- --
"Nothing is true. Everything is permitted" - W.S. Burroughs, Naked Lunch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQnJCcQEP2l8iXKAJAQEmXwMdGopuQnG7bY+zw96VRhn4dcNs2lRQ/OIT
EJ9Gs5UXJDf8Bx2d9ou+/LLLvHmciiFZ+f91uVdBSlwnKWzjsMlbunovLgH7AW/M
1Vg9cef2O6byzWzFDAjsE6eg3b4aEDug3LNAXw==
=R87i
-----END PGP SIGNATURE-----
MikeyD

2005-05-01, 5:48 pm

Thomas J. Boschloo wrote in
<4272501b$0$776$3a628fcd@reader20.nntp.hccnet.nl>:

>
> They found an attack in 2^69 rounds instead of the full 2^80 which is to
> be expected in SHA-1, didn't they?
>
> Bruce Schneier says in <http://www.schneier.com/crypto-gram-0503.html>:
> "They can find collisions in SHA-1 in 2^69 calculations, about 2,000
> times faster than brute force. Right now, that is just on the far edge
> of feasibility with current technology. Two comparable massive
> computations illustrate that point."
>
> It is a serious break of SHA-1 but it will still take about 2^160
> operations to find a collision with a specific plain text (e.g.
> something you sign with a DH/DSS key). Maybe due to the reduced strength
> of SHA-1 they can be found (a little) faster now.
>
> About MD5, I keep hearing from folks that it shouldn't really be used
> anymore.. Still, since the keysize of MD5 is only 128 it would be
> possible to find collisions in only 2^64 even if it were at full
> strength! (which it is not AFAIK).
>

MD5 is full strength though it's thought some of the weaknesses in MD4 might
apply, but as you say it's not really enough to be secure. Personally I
have more confidence in MD5 than SHA-1 though. To my mind SHA-1 is like a
bridge with a crack in it. It might be made to take a hundred times your
weight and the engineer says it can still handle 20 times as much, but I
wouldn't be confident to walk over it. The problem is not the effectiveness
of the current attack, it's that there is an attack at all.
Zax

2005-05-01, 5:48 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

["Followup-To:" header set to alt.privacy.anon-server.]
On Fri, 29 Apr 2005 16:19:29 +0200, Thomas J. Boschloo wrote in
Message-Id: <4272501b$0$776$3a628fcd@reader20.nntp.hccnet.nl>:

>
> BiKiKii Admin wrote:
>
><snip>
>
>
> They found an attack in 2^69 rounds instead of the full 2^80 which is to
> be expected in SHA-1, didn't they?


As I understand it, a documented method exists for generating a hash
collision in 2^69 rounds instead of the brute-force 2^80. That's
serious from a crypto point of view as it proves that there are
weaknesses in SHA-1. Only slight weaknesses at the moment, but it's the
old "bad apple on the top of the barrel" analogy.

Looking at it from the context of a PGP type signature; an attacker
could potentially generate (in around 2^69 attempts) a message with a
valid signature. He would need a very large amount of CPU time
and would end up with a message that made no sense whatsoever, but it
would authenticate. I guess it's down to the individual to assess the
degree of risk they perceive that to be.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iQEVAwUBQnJW+moLu9HNUqmMAQrjMwgAjmn31iQ2qtIz730mm7v3TjImdSg5Qyez
cGm4tOTCzx7JHKFk7Z2A3d0O0cd7Cv4DLuH+pe57n+J/Th23R6722l1Nw6ABNMOI
ihRFeLkdn2tNme63I5lTRN204uMIsrusq5L7A6ZUyuRL7MFHxWFilY58eegcIeJF
9cFaRwOOWfKQozYvzvKU8jQBbqLCHd/nf3VQvpkJDU7Sv3mKk9Ymz/i+vaI+tDSf
MwipSlTw/Wz4ExybnNkJLViLSaDNzj9OzTfX8f3cSrmHWdF5yQ9zv0q2iCiGaVn5
UX/OeIS+BL3isSHtDL9gUWkjNggizLaJgtuMej83qKqdt9Og1VaSFQ==
=H+uJ
-----END PGP SIGNATURE-----

--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>

BiKiKii Admin

2005-05-01, 5:48 pm

-----BEGIN PGP SIGNED MESSAGE-----

On 29 Apr 2005, herehere@aussiemail.com.au wrote:
>BiKiKii Admin wrote:
>
>I am using DSS NYM keys; what Algorithms should I use?
>


Match the ciphers used by the Nymserver's key.

Example:
AES-256,AES-192,AES-128,CAST,TripleDES

IDEA is not necessary. If used, it should not be ranked high in the
preference list, as some pseudonym servers do not support the cipher.

>
>I am using DSS NYM keys; what Hashing Algorithm should I use?
>


Your choice - use RIPEMD160.

>


Re: SHA1...
It is only protecting the authentication of your nym messages so the
"attack" is not a "real" issue.

>Are there any issues with using DSS keys? I use DSS Nymservers and
>remailers in my reply-block and headers.
>


Yes - related to pseudonym servers which do not support the IDEA cipher.

See Machine Information section of
[STATS] Version-1 Cypherpunk Remailers (BiKiKii)
which are posted here.



Ciao!

BiKiKii

-----BEGIN PGP SIGNATURE-----
Version: N/A

iQEVAwUBQnJYs/Rwi/QFFzi5AQE/rQf/XzGtLUtwWOMdMFL+n2Gso1GbUBy9kYyr
0c7jA8/yrv0YdyUF8ikKYSTZTaJibW5LN53xTBP6Qr/iNI4hEQ5UZo1/05npkRHP
gkSTaCIspvKusHvA2cywZ6KjKRKGA1O93RiBG6GLCXzEsvCxaojYbT10ripXbr5V
Dn/oE9YFd7zfg/B7kRToIKE0JfeSMqLbkrxKz0NCPzW7KvbigU8k62qT8sfDglmB
7KhqLPAq9pWHHpLfjqBkuilKOOw4dW2bIcslRaCR6ANBUft2MmbJT1q5yS51Fkwv
qmraRi4KO4Rs23IXajLre5RT16UjE6UDkMQDKQAj5pgQQx+NCLvnjQ==
=9xi6
-----END PGP SIGNATURE-----

Jean-Luc Cooke

2005-05-01, 5:48 pm

http://www.win.tue.nl/~bdeweger/CollidingCertificates/

MD5 Collision are an issue, don't fool yourself. Let MD5 die already.

JLC

In sci.crypt MikeyD <m_donaghy50@hotmail.com> wrote:
> MD5 is full strength though it's thought some of the weaknesses in MD4 might
> apply, but as you say it's not really enough to be secure. Personally I
> have more confidence in MD5 than SHA-1 though. To my mind SHA-1 is like a
> bridge with a crack in it. It might be made to take a hundred times your
> weight and the engineer says it can still handle 20 times as much, but I
> wouldn't be confident to walk over it. The problem is not the effectiveness
> of the current attack, it's that there is an attack at all.


--
Thomas J. Boschloo

2005-05-01, 5:48 pm

-----BEGIN PGP SIGNED MESSAGE-----

Zax wrote:
> ["Followup-To:" header set to alt.privacy.anon-server.]


Fair, I just wanted some professional opinions from sci.crypt (and ASP
because this issue applies more to PGP than it does to Mixmaster).
That's all.. Hope nobody got upset by not setting up a line on top of
the message that I had in fact X-Posted.. I know it is being misused by
trolls.. I also know that this group just hasn't got the expertise to
address this specific question correctly.. ASP might, SC sure does (but
APAS seems to be loathed by most (some) sci.crypt posters..)

> On Fri, 29 Apr 2005 16:19:29 +0200, Thomas J. Boschloo wrote in
> Message-Id: <4272501b$0$776$3a628fcd@reader20.nntp.hccnet.nl>:
>
>
>
>
> As I understand it, a documented method exists for generating a hash
> collision in 2^69 rounds instead of the brute-force 2^80. That's
> serious from a crypto point of view as it proves that there are
> weaknesses in SHA-1. Only slight weaknesses at the moment, but it's the
> old "bad apple on the top of the barrel" analogy.
>
> Looking at it from the context of a PGP type signature; an attacker
> could potentially generate (in around 2^69 attempts) a message with a
> valid signature. He would need a very large amount of CPU time
> and would end up with a message that made no sense whatsoever, but it
> would authenticate. I guess it's down to the individual to assess the
> degree of risk they perceive that to be.


It is like the birthday attack as I understand it. If you have a class
of e.g. 30 pupils the chances of multiple pupils having the same
birthday is not (30/365)^30 as you might suspect at first (I can't come
up with the wrong formula right now unfortunately). It is in fact much
higher. If you take a class of roughly sqrt(365) you will have about a
50% chance that no pupil has the same birthday..

I restate that it will probably take 2^138 attempts to forge a selected
(sha-1 signed) message..

hth,
Thomas
- --
"Nothing is true. Everything is permitted" - W.S. Burroughs, Naked Lunch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQnJs9wEP2l8iXKAJAQEGWwMbBQvZIlyGUzYj5Zw0K4ugc/z3ofpGSA3M
sPkqf+WzrHW/vU0scfAUkjrSOvHwpODYM2oj37ArPP87kw1up7vp84RWoM/1bZkc
P/5HHP1N1NLBLlYZ7uxbc6eJQEsNbI4krkLsIA==
=rLsT
-----END PGP SIGNATURE-----
Zax

2005-05-01, 5:48 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Fri, 29 Apr 2005 19:20:55 +0200, Thomas J. Boschloo wrote in
Message-Id: <42726d22$0$148$3a628fcd@reader2.nntp.hccnet.nl>:

>
> Zax wrote:
>
> Fair, I just wanted some professional opinions from sci.crypt (and ASP
> because this issue applies more to PGP than it does to Mixmaster).
> That's all.. Hope nobody got upset by not setting up a line on top of
> the message that I had in fact X-Posted.. I know it is being misused by
> trolls.. I also know that this group just hasn't got the expertise to
> address this specific question correctly.. ASP might, SC sure does (but
> APAS seems to be loathed by most (some) sci.crypt posters..)


Hi Thomas,

I wasn't criticising you for x-posting your message, nothing wrong with
widening the audience when it's on-topic. My newsreader prepends
that to a posting when I've set a Followup-To header. Good netiquette
dictates that a Followup-To header should always be applied when
responding to x-posted articles. If responders wish to keep other
groups in the thread, they can reinsert them.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iQEVAwUBQnJ4F2oLu9HNUqmMAQr33Qf+PTOlpT/gQI82Ng2wbFHt9lWwovym2Avn
zEDkJQKDzYG8cUELGPRF4KrOjIseOEMUo92Bvc5Dlqoc/SyeOLOn/S2+enMcuW+F
hneOQv1LTtvLyA0czOL1A4ojTsrzctRKI3HDCcWlhyrCkaJnCDZmrvm140fGyhKJ
0YVxZ7vXbnl11ktNh43B0i27/WNbJWERqCt9sUosoWya47aS3w2e+kN6m6FMaavq
+Iwz1ZzXzSD5izk1HLkwFDcXDrBTSrN7ydqBGywktVto4ereUKXUZn4jMFwiSKGl
F8Y4AsuaERIrOnJTmzpxpjH1rHVlaYDlvj5S5psWyJRdTk3pnY+iVg==
=k2pi
-----END PGP SIGNATURE-----

--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>

Thomas J. Boschloo

2005-05-01, 5:48 pm

-----BEGIN PGP SIGNED MESSAGE-----

[X-Posted to sci.crypt and alt.security.pgp]

Zax wrote:
> On Fri, 29 Apr 2005 19:20:55 +0200, Thomas J. Boschloo wrote in
> Message-Id: <42726d22$0$148$3a628fcd@reader2.nntp.hccnet.nl>:
>
>
>
>
> Hi Thomas,
>
> I wasn't criticising you for x-posting your message, nothing wrong with
> widening the audience when it's on-topic. My newsreader prepends
> that to a posting when I've set a Followup-To header. Good netiquette
> dictates that a Followup-To header should always be applied when
> responding to x-posted articles. If responders wish to keep other
> groups in the thread, they can reinsert them.


That's good :-) I also remember the right and wrong formula for the
Birthday attack problem:

Good: 1-(365/365)(364/365)(363/365)..(336/365) for 30 pupils
Bad: 30*(1/365)

Good ~= 71%
Bad ~= 8% (not completely sure about the formula)

The case with SHA-1 is that with a collision attack that requires 2^69
operations is that all (~2^68) previous results are stored just like in
a class with pupils. So while the second collision is only being
compared to the first, the third collision is also being compared to the
second and so on. So each evaluation becomes slower than the previous
one, still it is only considered to be one operation. With a vector
computer it might be possible to make these massively parallel
operations pretty fast. Still, the (SHA-1) result is highly academic and
doesn't apply to real life DSS signatures AFAIK.

OTOH, Bruce Schneier says in his Cryptogram that cryptographic attacks
only become better in the future and not worse!

Hope I got this right. I am cross-posting again,
Thomas
- --
"Nothing is true. Everything is permitted" - W.S. Burroughs, Naked Lunch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQnOEbQEP2l8iXKAJAQHbYgMfXo8GAhBmcWRTOwfNOEZwV+CcVtkEyNTK
pou1bbjgKgRezb38LE7AZ0gQVEn1/apRnyntwd6od8rvv7thX1lp9MWYEj2rVfHD
9AcF2bFYVAyl6COaJiCGkFBEmQK7biQq75WScA==
=YPZD
-----END PGP SIGNATURE-----
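The birthday arithmetic in Thomas's post, worked through as an added example (this is not code posted by anyone in the thread): it evaluates his "Good" and "Bad" classroom formulas, then applies the same birthday reasoning to an n-bit hash, which is where the 2^80 figure for a generic SHA-1 collision comes from and why matching one specific signed message is a far larger 2^160 job, and finally compares a 2^69 collision claim with that bound. The function names and the large-space approximation 1 - exp(-k^2/(2N)) are my own choices; the thread states only the exact product formula.

```python
"""Birthday-bound arithmetic behind the SHA-1 discussion in this thread.

Added worked example, not code from the thread. It reproduces the classroom
birthday calculation ("Good" and "Bad" formulas), then applies the same
reasoning to an n-bit hash: a collision between *some* pair of inputs is
expected after roughly 2^(n/2) evaluations, while matching one *given*
hash by brute force costs about 2^n. Function names are my own.
"""
from fractions import Fraction
from math import exp


def exact_shared_birthday_probability(n_people: int, days: int = 365) -> float:
    """Probability that at least two of n_people share a birthday.

    1 - (365/365)(364/365)...((365-n+1)/365): the product is the chance
    that every birthday is distinct (the "Good" formula). Fractions keep
    the product exact; it is converted to float only at the end.
    """
    if n_people > days:
        return 1.0  # pigeonhole: a shared birthday is certain
    all_distinct = Fraction(1)
    for i in range(n_people):
        all_distinct *= Fraction(days - i, days)
    return float(1 - all_distinct)


def naive_shared_birthday_probability(n_people: int, days: int = 365) -> float:
    """The "Bad" formula n/365. It undercounts because it ignores that every
    one of the n*(n-1)/2 pairs in the group is a chance for a match."""
    return min(1.0, n_people / days)


def smallest_group_for_half_chance(days: int = 365) -> int:
    """Smallest group size with at least a 50% chance of a shared birthday."""
    n = 1
    while exact_shared_birthday_probability(n, days) < 0.5:
        n += 1
    return n


def approx_collision_probability(samples: int, space_size: int) -> float:
    """Large-space approximation 1 - exp(-k^2 / (2N)) for k random samples
    drawn from N possible values. Used where the exact product is far too
    long to evaluate, e.g. N = 2^160 for a 160-bit hash."""
    return 1.0 - exp(-(samples * samples) / (2 * space_size))


def generic_collision_work(hash_bits: int) -> int:
    """Evaluations for a generic (birthday) collision search: 2^(n/2)."""
    return 2 ** (hash_bits // 2)


def generic_second_preimage_work(hash_bits: int) -> int:
    """Evaluations to match one specific hash value by brute force: 2^n."""
    return 2 ** hash_bits


def attack_speedup(hash_bits: int, attack_work_log2: int) -> int:
    """How many times cheaper a claimed attack of 2^attack_work_log2
    evaluations is than the generic birthday bound for this hash size."""
    return generic_collision_work(hash_bits) // (2 ** attack_work_log2)


if __name__ == "__main__":
    print(f"30 pupils, exact: {exact_shared_birthday_probability(30):.1%}")
    print(f"30 pupils, naive: {naive_shared_birthday_probability(30):.1%}")
    print(f"50% chance reached at {smallest_group_for_half_chance()} pupils")
    print(f"160-bit hash, generic collision: 2^80 = {generic_collision_work(160)}")
    print(f"2^80 samples from a 160-bit space: "
          f"{approx_collision_probability(2 ** 80, 2 ** 160):.1%} collision chance")
    print(f"2^69 claim vs 2^80 bound: {attack_speedup(160, 69)}x cheaper")
```

The exact formula gives about 71% for 30 pupils and crosses 50% at 23, whereas the naive n/365 gives about 8%; the same gap is why a 160-bit hash yields collisions near 2^80 evaluations rather than 2^160. The 2^69 figure quoted from Schneier is 2^11, or 2048, times cheaper than the generic bound, which is the "about 2,000 times faster than brute force" in his text.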
lit@hush.com

2005-05-02, 8:45 pm

*yada ... yada ...*

So you say the problem with SHA, is the easy to break, though not
today, (quantum computer) 160 bits of authentication? Did it ever occur
to you that there is a built-in deficiency in SHA? Need I remind anyone
that the American National Security Agency took MD5, made some
modifications to it and spit out the *Secure Hash Algorithm*? This is
the same SHA160 which people thought universally secure till about a
year ago.

We are not getting the full tale here, I get the feeling someone is
holding in, and the NSA sure hasn't made a public statement about their
built-in flaw yet.

Thomas J. Boschloo

2005-05-07, 5:45 pm

-----BEGIN PGP SIGNED MESSAGE-----

lit@hush.com wrote:
> *yada ... yada ...*
>
> So you say the problem with SHA, is the easy to break, though not
> today, (quantum computer) 160 bits of authentication? Did it ever occur

<snip>

The problem isn't the current attack on SHA-1. It is that from a
mathematical point of view the hash is broken since it does not produce
the full 160 bits of security and that with 2^69 operations a collision
can be found instead of the 'normal' 2^80 operations for a 160 bit hash.
If you find a collision, you could theoretically forge signatures with
SHA-1 on messages.

That said, 2^69 operations still is a real lot, but perhaps feasible now
with the right hardware.

Thomas
- --
"Nothing is true. Everything is permitted" - W.S. Burroughs, Naked Lunch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQnzKOQEP2l8iXKAJAQEfhAMgnnynpu9qKT5cpeMDSTdXysn2hBDYTrLW
KCY8ZdcWmOaZMH3mdP1VaWmzDvP/5E7Nr3IOcMWrnv3R6q5sG7blwlLFMtmVBYwZ
/Z8fldsVO2rLl8TkwdTV+H5x+qy0W3mOGLmZ2Q==
=cm3p
-----END PGP SIGNATURE-----
Anonymous

2005-05-09, 7:45 am

On Sat, 07 May 2005, "Thomas J. Boschloo" <nospam@hccnet.nl.invalid> wrote:
>=====BEGIN PGP SIGNED MESSAGE=====
>Signature: 0x225CA009
>Date:
>Status: INVALID (Unknown)
>
>lit@hush.com wrote:
><snip>
>
>The problem isn't the current attack on SHA-1. It is that from a
>mathematical point of view the hash is broken since it does not produce
>the full 160 bits of security and that with 2^69 operations a collision
>can be found instead of the 'normal' 2^80 operations for a 160 bit hash.
>If you find a collision, you could theoretically forge signatures with
>SHA-1 on messages.
>
>That said, 2^69 operations still is a real lot, but perhaps feasible now
>with the right hardware.
>



Hmm... 2^69=590,295,810,358,705,651,712

I'm not worried, nor should anyone else.



-=-
This message was sent via two or more anonymous remailing services.



~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.



Thomas J. Boschloo

2005-05-14, 1:04 pm

-----BEGIN PGP SIGNED MESSAGE-----

Anonymous wrote:
> On Sat, 07 May 2005, "Thomas J. Boschloo" <nospam@hccnet.nl.invalid> wrote:
>
>
>
>
> Hmm... 2^69=590,295,810,358,705,651,712
>
> I'm not worried, nor should anyone else.


But it should be 2^80=1,208,925,819,614,629,174,706,176. Also, to
paraphrase Bruce Schneier on this: Cryptographic attacks only get
better.. They never get worse!

Also, you have 4Ghz Athlon 64 processors now. That is 4,294,967,296
clock cycles a second. Or 2,597,596,220,620,800 clock cycles a week.

The question is how many processors you have available and how many
clock cycles they need for a single operation!

Thomas
- --
"Nothing is true. Everything is permitted" - W.S. Burroughs, Naked Lunch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQoYjTAEP2l8iXKAJAQEWhgMcC9PNp5F5KUoO/nQcQx2BDMpFcROudStY
WmB9Pk2vfhiE5EH1rskwSeX+3y0X++Uj+CDCiahbda9NSOHJn8Svxes3qZwrfm6+
i6wRp7Iwte8c5XUpGpw22AiDcS7OP/UwZLzLSw==
=G/Gx
-----END PGP SIGNATURE-----
controlit

2005-05-17, 5:46 pm

> As I understand it, a documented method exists for generating a hash
> collision in 2^69 rounds instead of the brute-force 2^80. That's
> serious from a crypto point of view as it proves that there are
> weaknesses in SHA-1.


It doesn't prove anything, none of these so called new collision
theories have ever, EVER been documented publicly, it's just
something those academics keep for themselves. Nobody trusted the
NSA never specified what tweaks were made for what reason, but
at least the NSA did show us the code, right? These *academics*
have been taken seriously for press releases, while portrayed to
the public as serving science [We found cure for cancer, wait a
few years for the pills, ok?]. They're not to be trusted, *period*.
controlit

2005-05-17, 5:46 pm

> As I understand it, a documented method exists for generating a hash
> collision in 269 rounds instead of the brute-force 280. That's
> serious from a crypto point of view as it proves that there are
> weaknesses in SHA-1.



It doesn't prove anything, none of these so called new collision
theories have ever, EVER been documented publicly, it's just
something those academics keep for themselves. Nobody trusted the
NSAs SHA modification and they never specified what tweaks were
made for what reason, but at least the NSA did show us the code,
right? These *academics* have been taken seriously by press releases,
while portrayed to the public as serving science [We found cure for
cancer, wait a few years for the pills, can you deal with that?].
They're not to be trusted, *period*.
Userbeam Remailer

2005-05-17, 5:46 pm

On Tue, 17 May 2005, controlit <lit@hush.com> wrote:
>
>It doesn't prove anything, none of these so called new collision
>theories have ever, EVER been documented publicly, it's just
>something those academics keep for themselves. Nobody trusted the
>NSA never specified what tweaks were made for what reason, but
>at least the NSA did show us the code, right? These *academics*
>have been taken seriously for press releases, while portrayed to
>the public as serving science [We found cure for cancer, wait a
>few years for the pills, ok?]. They're not to be trusted, *period*.


I like your attitude. :-)

Thomas J. Boschloo

2005-05-20, 5:46 pm

-----BEGIN PGP SIGNED MESSAGE-----

controlit wrote:
>
>
> It doesn't prove anything, none of these so called new collision
> theories have ever, EVER been documented publicly, it's just
> something those academics keep for themselves. Nobody trusted the
> NSAs SHA modification and they never specified what tweaks were
> made for what reason, but at least the NSA did show us the code,
> right? These *academics* have been taken seriously by press releases,
> while portrayed to the public as serving science [We found cure for
> cancer, wait a few years for the pills, can you deal with that?].
> They're not to be trusted, *period*.


Please don't misquote me. O(2^69) is very different from 269 rounds. I
don't even know how many rounds SHA-1 uses (but I could find out).

But hey, if you feel safe using an 'academically broken' hash function,
by all means, be my guest! I still use MD5 to sign this message and for
that hash function collisions /have/ been found AFAIK..

Thomas
- --
"I don't know, it just seems to be so incredibly beautiful. It's magic."
- - emmel, alt.games.creatures, may 2005
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQo3zkgEP2l8iXKAJAQE8uQMfXAZau71o/Wke0QgG6cjNMYgLo5HW2LT8
1ds/Foxh9FDJRsVs49FJjXNTkwn5gJ1FB5t6uYQRMaIe/pVmUA/hNm37p2+0ezGm
Qi2TI6vix2ZYbz4HdMQPJ4eOb0VGrXZnrWC+RQ==
=UzBR
-----END PGP SIGNATURE-----
Copyright 2003 - 2008 webservertalk.com