on 11/2/2005 7:26 AM Volker Birk said the following:
> Lassi Hippeläinen <lahippel.at.ieee.org@moon.invalid> wrote:
>
>>>>>The data block is hashed to produce another message digest.
>>>>>The two digests are compared to see if they match.
>>>>>If they do, the data block is accepted. If they do not the data block
>>>>>is rejected.
>>>>
>>>>You have two layers of cryptography, hash and encryption. In your case
>>>>the break of SHA-1 shouldn't be relevant.
>>>
>>>This is wrong.
>>
>>Hmmm... a small brainfart there. The conclusion is correct, but the argument
>>isn't. The attacks against SHA-1 use chosen plaintext. This case is only
>>known plaintext, so the attack doesn't work.
>
>
> Please read:
>
> http://www.schneier.com/blog/archive...a1_broken.html
> http://www.schneier.com/blog/archive...nalysis_o.html
>
> If an algorithm is broken, then it's futile to further discuss how to use
> it securely.
>
> Yours,
> VB.
The cryptanalysis article does not actually support your conclusion.
Though an attack has been found, it is not a general cause for alarm.
The author says:
"For the average Internet user, this news is not a cause for panic. No
one is going to be breaking digital signatures or reading encrypted
messages anytime soon. The electronic world is no less secure after
these announcements than it was before."
Should improvements and better hash functions be sought? Of course. The
author continues to say:
"But there's an old saying inside the NSA: "Attacks always get better;
they never get worse." Just as this week's attack builds on other papers
describing attacks against simplified versions of SHA-1, SHA-0, MD4, and
MD5, other researchers will build on this result. The attack against
SHA-1 will continue to improve, as others read about it and develop
faster tricks, optimizations, etc. And Moore's Law will continue to
march forward, making even the existing attack faster and more affordable."
My conclusion? SHA-1 is not "broken", but it is not perfect either. No
shock there. The function is useful as long as a normal risk analysis
is done. To paraphrase (and alter) VB's comment: It *is* useful to
further discuss how to use it (SHA-1) securely.
Regards,
JH
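Added example, not part of any post in this thread: the "hash the block, compare the digests, accept or reject" check described at the top of the thread, written in Python. The digest is labelled with the algorithm that produced it (a hypothetical "algo:hex" convention, assumed here) so that the outcome of the risk analysis JH mentions, such as retiring SHA-1 in favour of SHA-256, can be enforced by an allow-list at verification time without breaking records made earlier. The sample block is constructed.

```python
import hashlib
import hmac

# Constructed sample data block; not taken from the thread.
DATA_BLOCK = b"sample data block, constructed for this example"


def make_tagged_digest(data: bytes, algorithm: str = "sha1") -> str:
    """Hash the block and label the digest with the algorithm that made it.

    The "algo:hex" label is an assumed convention for this example; it is
    what lets a verifier move from SHA-1 to a stronger function later.
    """
    return f"{algorithm}:{hashlib.new(algorithm, data).hexdigest()}"


def verify_block(data: bytes, tagged_digest: str,
                 allowed=("sha256", "sha1")) -> bool:
    """Re-hash the received block and compare, as the quoted procedure says.

    Returns False when the label names an algorithm outside the allow-list
    (the point where a decision to retire SHA-1 is enforced), when the
    label is malformed, or when the digests differ.  hmac.compare_digest
    keeps comparison time independent of how many bytes happen to match.
    """
    algorithm, sep, expected_hex = tagged_digest.partition(":")
    if not sep or algorithm not in allowed:
        return False
    try:
        expected = bytes.fromhex(expected_hex)
    except ValueError:
        return False
    actual = hashlib.new(algorithm, data).digest()
    return hmac.compare_digest(actual, expected)


def tamper(data: bytes) -> bytes:
    """Flip one bit to simulate a corrupted or altered block (constructed)."""
    b = bytearray(data)
    b[0] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    for algo in ("sha1", "sha256"):
        tag = make_tagged_digest(DATA_BLOCK, algo)
        print(algo, "accepts original:", verify_block(DATA_BLOCK, tag))
        print(algo, "rejects tampered:", not verify_block(tamper(DATA_BLOCK), tag))
    # Same SHA-1 record, but with SHA-1 removed from the allow-list.
    print("sha1 rejected after retirement:",
          not verify_block(DATA_BLOCK, make_tagged_digest(DATA_BLOCK, "sha1"),
                           allowed=("sha256",)))
```

The allow-list is the practical hook for the "normal risk analysis" JH refers to: an existing SHA-1 record keeps verifying until the operator drops "sha1" from the list, at which point it is rejected rather than silently trusted.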