Anonymous Servers - New SHA-1 Attack leaves algorithm broken

This is Interesting: Free IT Magazines  
Home > Archive > Anonymous Servers > August 2006 > New SHA-1 Attack leaves algorithm broken





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author New SHA-1 Attack leaves algorithm broken
Nomen Nescio

2006-08-29, 7:15 pm


+--------------------------------------------------------------------+
| SHA-1 Collisions for Meaningful Messages |
| from the well-this-isn't-very-helpful dept. |
| posted by CmdrTaco on Sunday August 27, @09:44 (Encryption) |
| http://it.slashdot.org/article.pl?sid=06/08/27/1324241 |
+--------------------------------------------------------------------+

mrogers writes "Following on the heels of last year's [0]collision search
attack against SHA-1, researchers at the [1]Crypto 2006 conference have
announced a [2]new attack that allows the attacker to choose part of the
colliding messages. "Using the new method, it is possible, for example,
to produce two HTML documents with a long nonsense part after the closing
</html> tag, which, despite slight differences in the HTML part, thanks
to the adapted appendage have the same hash value." A similar attack
against MD5 was announced [3]last year."

Discuss this story at:
http://it.slashdot.org/comments.pl?sid=06/08/27/1324241

Links:
0. http://www.schneier.com/blog/archiv...ha1_broken.html
1. http://www.iacr.org/conferences/crypto2006/
2. http://www.heise-security.co.uk/news/77244
3. http://it.slashdot.org/article.pl?s...1749256&tid=172




nemo_outis

2006-08-30, 1:13 am

Nomen Nescio <nobody@dizum.com> wrote in
news:d383eae133f20aaf2200e01b0a750e6d@di
zum.com:

>
> +--------------------------------------------------------------------+
>| SHA-1 Collisions for Meaningful Messages |
>| from the well-this-isn't-very-helpful dept. |
>| posted by CmdrTaco on Sunday August 27, @09:44 (Encryption) |
>| http://it.slashdot.org/article.pl?sid=06/08/27/1324241 |
> +--------------------------------------------------------------------+
>
> mrogers writes "Following on the heels of last year's [0]collision
search
> attack against SHA-1, researchers at the [1]Crypto 2006 conference have
> announced a [2]new attack that allows the attacker to choose part of
the
> colliding messages. "Using the new method, it is possible, for example,
> to produce two HTML documents with a long nonsense part after the
closing
> </html> tag, which, despite slight differences in the HTML part, thanks
> to the adapted appendage have the same hash value." A similar attack
> against MD5 was announced [3]last year."
>
> Discuss this story at:
> http://it.slashdot.org/comments.pl?sid=06/08/27/1324241
>
> Links:
> 0. http://www.schneier.com/blog/archiv...ha1_broken.html
> 1. http://www.iacr.org/conferences/crypto2006/
> 2. http://www.heise-security.co.uk/news/77244
> 3. http://it.slashdot.org/article.pl?s...1749256&tid=172


The result only allows about 25% of the two plaintexts to match and it
was done with a "reduced" version of the SHA-1 hash. Buy, yes, the
results are, in a very literal sense, ominous.

For those who can read German the original announcement is at:

http://www.heise.de/newsticker/meldung/77235

(I don't know how badly it would be mangled by automatic tranlators.)

Whirlpool, anyone?

Regards,

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com