-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.mail-archive.com/infowar...g/msg01407.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

 iD8DBQFFtPziMYIXomaKpd8RAvFDAJ4x9nX2lNEN
3C/RUwb12Dy8BytdQACcCP6t
5I5Rv3FwoZ+/ktA9s3c+SbA=
=WEFZ
-----END PGP SIGNATURE-----

[ Post a follow-up to this message ]

On Mon, 22 Jan 2007, marlowe <marlowe@antagonism.org> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>http://www.mail-archive.com/infowar...g/msg01407.html

Number 1, this is old news.
Number 2, SHA-1 in NOT an "encryption algorythm", it is a *hashing*
algorythm.

[ Post a follow-up to this message ]

-----BEGIN PGP SIGNED MESSAGE-----

marlowe wrote:
> http://www.mail-archive.com/infowar...g/msg01407.html

I think they found a collision. But SHA-1 was already broken because of
its reduced strength of 63 bits instead of the 80 bits it should have
been (birthday attack). Still a lot of work!

MD5 however (which I am using to sign this) can be broken in a couple of
hours on a normal computer.

hth,
Thomas
- --
Why should I walk outside my world. If the whole world is in front of
the screen? http://www.youtube.com/watch?v=USFmVfooIx0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

 iQB5AwUBRbVBJgEP2l8iXKAJAQGcRQMbB7PdOA+I
F+b4nFRJVW7zJJR5xcO/lBKu
JgDtCUOZ6a8aLJdeY1KGxcJ8w7xll/NJAjKInis2NHQF6xiM1uJMHdEF++awF1FL
z1qCZsxRThYvfYzMSO8euHyYutr58A/VNhBCPQ==
=jW7R
-----END PGP SIGNATURE-----

[ Post a follow-up to this message ]

On Mon, 22 Jan 2007 13:05:22 -0500, marlowe wrote:


>
> http://www.mail-archive.com/infowar...g/msg01407.html


"The only mathematics related habit in her life is how she remembers
the license plates of taxi cabs."


--
Posted via a free Usenet account from http://www.teranews.com

[ Post a follow-up to this message ]

Cyberiade.it Anonymous Remailer wrote:

> On Mon, 22 Jan 2007, marlowe <marlowe@antagonism.org> wrote: 
>
> Number 1, this is old news.
> Number 2, SHA-1 in NOT an "encryption algorythm", it is a *hashing*
> algorythm.

SHA1 is old news too, and they're *all* hashing algorithms. Wang
doesn't mess with actual encryption at all. The actual article linked to
by the horribly written bit of trash above makes that a little clearer.

Literacy issues aside, cracking hashing algorithms in a couple years
is a completely different thing from cracking actual encryption in the
same amount of time. Signatures are generally more ephemeral than
encrypted data. IOW, after relatively short periods of time it doesn't
matter because the signature has been used to verify the target. At
which time you can toss the signature away for all intents and
purposes. And forgeries made at later dates are obvious.

Encrypted data on the other hand needs to be secure "for ever" in
theory, or ridiculously long periods of time in practice. Nothing Wang
has done to date can be considered a real threat to anything. She
hasn't compromised *any* encrypted data what so ever, and her attacks
against hashing algorithms haven't been able to produce results in any
useful amount of time. The whole thing is mostly FUD. Something to be
aware of but no reason to panic. No matter how impressed Wang is with
her own accomplishments, the rest of the security and encryption
industry sees them as normal and expected advances in technology. ;-)

[ Post a follow-up to this message ]

It's not encryption, it's a hash - a hashing algorithm, one that has been
replaced by whirlpool, tiger, and more advanced versions called SHA-2 (256, 
384,
512).  And the "cornerstone" of internet security?
If there is _any_ algorithm that could claim that title it would have to be
either AES or RC4, as these are the two most common internet encryption ciph
ers.
RC4 has some timing attacks, AES seems the most secure (though there are
attacks against AES in the theoretical realm).

marlowe wrote:
> http://www.mail-archive.com/infowar...g/msg01407.html

[ Post a follow-up to this message ]