New results against SHA-1

Martin Ågren martin.agren at gmail.com
Sun May 3 13:05:36 CEST 2009


2009/5/1 Atom Smasher <atom at smasher.org>:
> On Thu, 30 Apr 2009, David Shaw wrote:
>
>> http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
>>
>> There is not much hard information yet, but the two big quotes are "SHA-1
>> collisions now 2^52" and "Practical collisions are within resources of a
>> well funded organisation."
>
> [...] what's next? will it have to be a bigger hash?

No, not bigger, but better. :) SHA-2 should be better, but since it's
conceptually quite similar to SHA-1, one could be somewhat worried...
SHA-3, on the other hand, will be very well-studied when it becomes a
standard, so we should in a way be able to trust it as much as we
trust AES. Google "SHA-3 competition" for more information.

Take care!

Martin



More information about the Gnupg-users mailing list