Re: hash functions Re: OVC - I "really" need yourhelp with "public disclosure" legislative suggestion

From: charlie strauss <cems_at_earthlink_dot_net>
Date: Tue Nov 28 2006 - 00:34:19 CST

-----Original Message-----
>From: Joseph Lorenzo Hall <joehall@gmail.com>
>Sent: Nov 27, 2006 8:36 PM
>To: Open Voting Consortium discussion list <ovc-discuss@listman.sonic.net>
>Subject: Re: [OVC-discuss] hash functions Re: OVC - I "really" need your help with "public disclosure" legislative suggestion
>
>On 11/27/06, Charlie Strauss <cems@earthlink.net> wrote:
>> Heres' a couple articles. The important feature is that attack
>> requires cooperation from the victim in the sense that there needs to
>> be a large mutable region the attacker can modify without changing
>> the length of the document. So if don't cooperate and are not
>> stupid, you can avoid this attack.
>>
>>
>>
>> http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
>> http://www.cits.rub.de/MD5Collisions/
>>
>> http://www.heise-security.co.uk/news/77244
>
>So, MD5 and SHA hash functions (that aren't keyed like in HMAC) can
>have designed collisions (or will soon).
>
>What other non-keyed hash functions out there will people move to now
>that these popular ones have proven cryptanalytical weaknesses? And
>does a suite of hashes... like MD5/SHA-256/Tiger/WHIRLPOOL prove to be
>infeasible to collide (is there literature on suites of hashes)? -Joe

Longer hashes like SHA-256 and so on will be harder to crack. The seemingly obvious solution of stacking two hashes together; e.g. two different SHA-1 with different salts wont be effective. That does not double the effective key length it simple doubles the work and that's like adding 1 bit to the key length.

>
>--
>Joseph Lorenzo Hall
>PhD Student, UC Berkeley, School of Information
><http://josephhall.org/>
>_______________________________________________
>OVC-discuss mailing list
>OVC-discuss@listman.sonic.net
>http://lists.sonic.net/mailman/listinfo/ovc-discuss

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Thu Nov 30 23:17:14 2006

This archive was generated by hypermail 2.1.8 : Thu Nov 30 2006 - 23:17:19 CST