SHA1 broken

Paul Rubin http
Wed Feb 16 14:11:42 EST 2005


Irmen de Jong <irmen.NOSPAM at xs4all.nl> writes:
> > Also, the new findings only apply to hash collisions, not to the
> > invertibility of SHA1 hashes - thus, as Schneier points out, uses of
> > keyed hashes (such as HMAC) are not compromised by this.
> 
> What about HMAC-MD5?

HMAC-MD5 and HMAC-SHA1 should be affected by the vulnerability in about
the same way.  Based on some reasonable assumptions both should still
be secure.  

Note also that the 2**69 attack against SHA1 is an important
theoretical result, but nowhere near as bad a practical vulnerability
as the MD5 break which allowed finding real collisions in a few
CPU-hours.  As someone on sci.crypt explained the SHA1 attack, "in
motor vehicle terms, SHA1 is a tank and they have discovered a way to
scratch the paint".
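
The collision-versus-keyed-hash distinction discussed in this message can be seen on a toy scale. The following is an added example, not part of the original post: `toy_hash` (SHA-1 truncated to 32 bits), the key and the messages are constructed assumptions, chosen so a birthday search finds a collision in well under a second. It does not model the 2**69 attack; it shows only that a collision found offline on the unkeyed hash does not carry over to HMAC, because the secret key changes the input to the inner hash.

```python
import hashlib
import hmac

TOY_BYTES = 4  # constructed toy: keep only 32 bits of SHA-1 so collisions are cheap


def toy_hash(data: bytes) -> bytes:
    """Deliberately weak unkeyed hash: SHA-1 truncated to TOY_BYTES."""
    return hashlib.sha1(data).digest()[:TOY_BYTES]


def find_collision():
    """Birthday search for two distinct messages with the same toy_hash."""
    seen = {}
    counter = 0
    while True:
        msg = b"msg-%d" % counter  # constructed sample messages
        digest = toy_hash(msg)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg
        counter += 1


def hmac_with(hash_fn, key: bytes, msg: bytes, block_size: int = 64) -> bytes:
    """HMAC as defined in RFC 2104, over an arbitrary hash function."""
    if len(key) > block_size:
        key = hash_fn(key)
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return hash_fn(opad + hash_fn(ipad + msg))


def demo(key: bytes = b"constructed-secret-key"):
    """Return the colliding pair and their HMAC tags under a secret key."""
    m1, m2 = find_collision()
    return m1, m2, hmac_with(toy_hash, key, m1), hmac_with(toy_hash, key, m2)


if __name__ == "__main__":
    m1, m2, t1, t2 = demo()
    print("collision on unkeyed hash:", m1, m2, toy_hash(m1).hex())
    print("HMAC tags under the key:  ", t1.hex(), t2.hex())
```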



More information about the Python-list mailing list