l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2005 Feb 16 20:55

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] [fwd] SHA-1(Secure Hash Algorithm) Broken
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] [fwd] SHA-1(Secure Hash Algorithm) Broken

Seen on SVLUG, TriLUG and, apparently, Slashdot...


----- Forwarded message from Marc M <linuxr@gmail.com> -----

Date: Wed, 16 Feb 2005 11:28:54 -0500
From: Marc M <linuxr@gmail.com>
Subject: [svlug] Fwd: [TriLUG] SHA-1(Secure Hash Algorithm) Broken
To: Greater Orlando Linux User Group tech list <tech@golug.org>,
Reply-To: Marc M <linuxr@gmail.com>

---------- Forwarded message ----------
From: Sarat S <slinuxgeek@gmail.com>
Date: Tue, 15 Feb 2005 23:41:00 -0500
Subject: [TriLUG] SHA-1(Secure Hash Algorithm) Broken
To: trilug@trilug.org

 Check this out: SHA-1(Secure Hash Algorithm) Broken. (Content from
Slashdot and then from Bruce Schneier's weblog).

Quoting the words of the Security expert, Bruce Schneier:
"SHA-1 has been broken. Not a reduced-round version. Not a simplified
version. The real thing.The research team of Xiaoyun Wang, Yiqun Lisa
Yin, and Hongbo Yu (mostly from Shandong University in China) have
been quietly circulating a paper announcing their results:

    * collisions in the the full SHA-1 in 2**69 hash operations, much
less than the brute-force attack of 2**80 operations based on the hash
    * collisions in SHA-0 in 2**39 operations.
    * collisions in 58-round SHA-1 in 2**33 operations.

This attack builds on previous attacks on SHA-0 and SHA-1, and is a
major, major cryptanalytic result. It pretty much puts a bullet into
SHA-1 as a hash function for digital signatures (although it doesn't
affect applications such as HMAC where collisions aren't important).

The paper isn't generally available yet. At this point I can't tell if
the attack is real, but the paper looks good and this is a reputable
research team.

More details when I have them."
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc

svlug mailing list

----- End forwarded message -----

bill@newbreedsoftware.com         "I'm anticipating an all-out tactical
http://newbreedsoftware.com/      dog-fight, followed by a light dinner."
vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.