Re: hash functions Re: OVC - I "really" need your help with "public disclosure" legislative suggestion

From: Joseph Lorenzo Hall <joehall_at_gmail_dot_com>
Date: Mon Nov 27 2006 - 19:36:38 CST

On 11/27/06, Charlie Strauss <cems@earthlink.net> wrote:
> Here's a couple articles. The important feature is that the attack
> requires cooperation from the victim in the sense that there needs to
> be a large mutable region the attacker can modify without changing
> the length of the document. So if you don't cooperate and are not
> stupid, you can avoid this attack.
>
> http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
> http://www.cits.rub.de/MD5Collisions/
>
> http://www.heise-security.co.uk/news/77244

So, MD5 and SHA hash functions (that aren't keyed like in HMAC) can
have designed collisions (or will soon).

What other non-keyed hash functions out there will people move to now
that these popular ones have proven cryptanalytical weaknesses? And
does a suite of hashes... like MD5/SHA-256/Tiger/WHIRLPOOL prove to be
infeasible to collide (is there literature on suites of hashes)? -Joe

-- 
Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
<http://josephhall.org/>
_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Thu Nov 30 23:17:14 2006