Better crypto hash functions, long, with code
Paul Rubin
Fri Aug 26 05:23:35 EDT 2005
Nice. Note that the Sourceforge bug for this issue indicates that
something is already being done about it. It just happens to have
been updated a day or so ago:
https://sourceforge.net/tracker/?func=detail&atid=355470&aid=1123660&group_id=5470
Note to skeptics: the attacks are pretty serious. Here's a demo of a
meaningful possible fraud resulting from knowing just one md5
collision, possibly found by somebody else:
http://www.cits.rub.de/imperia/md/content/magnus/rump_ec05.pdf
Something similar can be done with SHA1 if a collision gets published.
The work factor for finding an SHA1 collision is now down to O(2**63),
which is within range of a distributed internet search.
The md5 attack relies on the md5's message-extension property (shared
by sha-1): if you find just one collision, you can easily generate an
"infinite" family of colliding messages.
Anyone know if the sha-2 hashes have that property?
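To make the "one collision gives an infinite family" point concrete, here is an added example (written for this page, not from the post or from any project it mentions) using a toy Merkle-Damgård hash with a 32-bit state and a 4-byte block. Because the state is tiny, a birthday search finds a one-block collision in well under a second; the toy compression function, initial value and padding layout are all constructed for the demo and are not secure. The property being demonstrated is structural: two prefixes that reach the same chaining value, have the same length, and are then followed by the same suffix produce the same digest, because everything after the colliding block, including the length-only padding, is identical. MD5, SHA-1 and the SHA-2 family all use this iterated-chaining construction, so the same argument applies to them; real MD5 collisions are two blocks long rather than one, which changes nothing below.

```python
"""Toy Merkle-Damgard hash: demonstrates that one collision extends to
infinitely many colliding messages. Constructed for illustration only."""
import struct

BLOCK = 4                 # toy block size in bytes (constructed)
MASK = 0xFFFFFFFF         # 32-bit state
IV = 0x6A09E667           # arbitrary initial chaining value (constructed)


def mix(x: int) -> int:
    """32-bit integer finalizer (murmur-style); a bijection on its own."""
    x ^= x >> 16
    x = (x * 0x85EBCA6B) & MASK
    x ^= x >> 13
    x = (x * 0xC2B2AE35) & MASK
    x ^= x >> 16
    return x


def compress(state: int, block: bytes) -> int:
    """Toy compression function f(state, block) -> new state.

    The sum of two different permutations of the block is not itself a
    permutation, so distinct blocks can map to the same chaining value,
    which is what makes a collision search meaningful here.
    """
    b = int.from_bytes(block, "big")
    return (mix(b ^ state) + mix(b ^ 0xA5A5A5A5)) & MASK


def pad(msg: bytes) -> bytes:
    """MD-style padding: 0x80, zero bytes, then the message length.

    Note the padding depends only on the length of msg, not its content.
    """
    padded = msg + b"\x80"
    while (len(padded) + 4) % BLOCK:
        padded += b"\x00"
    return padded + struct.pack(">I", len(msg))


def toy_hash(msg: bytes) -> int:
    """Iterate the compression function over the padded message."""
    state = IV
    data = pad(msg)
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state


def find_one_block_collision() -> tuple[bytes, bytes]:
    """Birthday search: two distinct single blocks with equal chaining value.

    Deterministic (blocks are tried in counter order). Expected cost is
    roughly 2**16 compressions for a 32-bit state.
    """
    seen: dict[int, bytes] = {}
    for i in range(1 << 24):          # far more than enough tries
        block = i.to_bytes(BLOCK, "big")
        cv = compress(IV, block)
        if cv in seen:
            return seen[cv], block
        seen[cv] = block
    raise RuntimeError("no collision found (practically impossible)")


def extends_collision(m1: bytes, m2: bytes, suffix: bytes) -> bool:
    """True if m1||suffix and m2||suffix still collide under toy_hash."""
    return toy_hash(m1 + suffix) == toy_hash(m2 + suffix)


def collision_family(m1: bytes, m2: bytes, suffixes: list[bytes]) -> dict[bytes, bool]:
    """Map each suffix to whether the extended pair still collides.

    For a Merkle-Damgard hash and equal-length colliding prefixes this is
    True for every suffix, which is the 'infinite family' in the post.
    """
    return {s: extends_collision(m1, m2, s) for s in suffixes}


if __name__ == "__main__":
    a, b = find_one_block_collision()
    print("colliding blocks:", a.hex(), b.hex(), "digest:", hex(toy_hash(a)))
    fam = collision_family(a, b, [b"", b"suffix-A", b"a much longer suffix", bytes(100)])
    for s, ok in fam.items():
        print(f"suffix {s!r:>26}: still collides = {ok}")
```

The defender's takeaway is the one the post makes: once a single collision for a given prefix is public, an attacker does not need to run the collision search again for each new message, so "only one collision has been found" is not a reassuring state for a hash that protects integrity. A hash whose internal state is wider than its output, or whose padding and finalization bind the whole message rather than just its length, does not have this behaviour for free.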