Re: MD5 To Be Considered Harmful Someday
From: Dan Kaminsky (dan doxpara.com)
Date: Wed Dec 08 2004 - 15:44:08 CST
>Since you can't possibly mean absolutely suitable, can you clarify your
>basis for suitability? I'm not asking for a technical proof, just the
>general metrics used to make the determination.
>
>If 160 bit SHA1 is good enough for one application but not another, what
>does one need to know to decide for their own application?
>
>
SHA-1 is truncatable to 128 bits for applications that have limited
space available for hashes. This limits the birthday paradox attack to
a 2^64 effort, but MD5 isn't anywhere close to that anymore.
(Incidentally, the output of a birthday attack is an unchosen collision,
just like Wang's.)

SHA-1 isn't perfect, but we haven't known it's been broken for a decade
like we have for MD5.
--Dan
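
Added example (not part of the original message): the birthday bound on a truncated SHA-1, measured on truncations small enough to run and then extrapolated to the 128-bit case the message describes. Taking the leftmost bits as the truncation, the counter-based sample messages, and the function names are assumptions of this example.

```python
import hashlib
import math


def sha1_trunc(data: bytes, bits: int) -> bytes:
    """Leftmost `bits` bits of SHA-1(data); bits must be a multiple of 8."""
    if bits % 8 or not 8 <= bits <= 160:
        raise ValueError("bits must be a multiple of 8 between 8 and 160")
    return hashlib.sha1(data).digest()[: bits // 8]


def birthday_collision(bits: int, prefix: bytes = b"constructed-sample-"):
    """Hash distinct constructed messages until two share a truncated digest.

    Returns (msg_a, msg_b, hashes_computed). The colliding pair is whatever
    the search happens to hit: an unchosen collision.
    """
    seen = {}  # truncated digest -> first message that produced it
    i = 0
    while True:
        msg = prefix + str(i).encode()
        tag = sha1_trunc(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg
        i += 1


def expected_work(bits: int) -> float:
    """Expected hashes before the first collision: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    # Small truncations only; each step of 8 bits multiplies the work by 16.
    for bits in (16, 24, 32):
        a, b, n = birthday_collision(bits)
        print(f"{bits:3d} bits: collision after {n} hashes "
              f"(expected ~{expected_work(bits):.0f}, 2^{bits // 2} = {2 ** (bits // 2)})")
        print(f"          {a!r} / {b!r} -> {sha1_trunc(a, bits).hex()}")
    # 128-bit truncation: same formula, far out of reach of this loop.
    print(f"128 bits: expected ~2^{math.log2(expected_work(128)):.1f} hashes")
```
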