|
Home > Archive > Anonymous Servers > January 2007 > Chinese Professor Cracks Fifth Data Encryption Algorithm
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Chinese Professor Cracks Fifth Data Encryption Algorithm
|
|
|
|
| Cyberiade.it Anonymous Remailer 2007-01-22, 1:11 pm |
| On Mon, 22 Jan 2007, marlowe <marlowe@antagonism.org> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>http://www.mail-archive.com/infowar...g/msg01407.html
Number 1, this is old news.
Number 2, SHA-1 in NOT an "encryption algorythm", it is a *hashing*
algorythm.
| |
| Thomas J. Boschloo 2007-01-22, 7:12 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
marlowe wrote:
> http://www.mail-archive.com/infowar...g/msg01407.html
I think they found a collision. But SHA-1 was already broken because of
its reduced strength of 63 bits instead of the 80 bits it should have
been (birthday attack). Still a lot of work!
MD5 however (which I am using to sign this) can be broken in a couple of
hours on a normal computer.
hth,
Thomas
- --
Why should I walk outside my world. If the whole world is in front of
the screen? http://www.youtube.com/watch?v=USFmVfooIx0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQB5AwUBRbVBJgEP2l8iXKAJAQGcRQMbB7PdOA+I
F+b4nFRJVW7zJJR5xcO/lBKu
JgDtCUOZ6a8aLJdeY1KGxcJ8w7xll/NJAjKInis2NHQF6xiM1uJMHdEF++awF1FL
z1qCZsxRThYvfYzMSO8euHyYutr58A/VNhBCPQ==
=jW7R
-----END PGP SIGNATURE-----
| |
|
|
| George Orwell 2007-01-23, 1:16 am |
| Cyberiade.it Anonymous Remailer wrote:
> On Mon, 22 Jan 2007, marlowe <marlowe@antagonism.org> wrote:
>
> Number 1, this is old news.
> Number 2, SHA-1 in NOT an "encryption algorythm", it is a *hashing*
> algorythm.
SHA1 is old news too, and they're *all* hashing algorithms. Wang
doesn't mess with actual encryption at all. The actual article linked to
by the horribly written bit of trash above makes that a little clearer.
Literacy issues aside, cracking hashing algorithms in a couple years
is a completely different thing from cracking actual encryption in the
same amount of time. Signatures are generally more ephemeral than
encrypted data. IOW, after relatively short periods of time it doesn't
matter because the signature has been used to verify the target. At
which time you can toss the signature away for all intents and
purposes. And forgeries made at later dates are obvious.
Encrypted data on the other hand needs to be secure "for ever" in
theory, or ridiculously long periods of time in practice. Nothing Wang
has done to date can be considered a real threat to anything. She
hasn't compromised *any* encrypted data what so ever, and her attacks
against hashing algorithms haven't been able to produce results in any
useful amount of time. The whole thing is mostly FUD. Something to be
aware of but no reason to panic. No matter how impressed Wang is with
her own accomplishments, the rest of the security and encryption
industry sees them as normal and expected advances in technology. ;-)
| |
| ~David~ 2007-01-24, 1:15 am |
| It's not encryption, it's a hash - a hashing algorithm, one that has been
replaced by whirlpool, tiger, and more advanced versions called SHA-2 (256, 384,
512). And the "cornerstone" of internet security?
If there is _any_ algorithm that could claim that title it would have to be
either AES or RC4, as these are the two most common internet encryption ciphers.
RC4 has some timing attacks, AES seems the most secure (though there are
attacks against AES in the theoretical realm).
marlowe wrote:
> http://www.mail-archive.com/infowar...g/msg01407.html
|
|
|
|
|