-----BEGIN PGP SIGNED MESSAGE-----
On May 5, 2009, at 12:18 PM, Daniel Franke wrote:
> Jon Callas <jon(_at_)callas(_dot_)org> writes:
>> Adi Shamir has pointed out for years now that no one has found *any*
>> first or second preimage collision for SHA1. I'll shill for him here.
>> The new results for 2^52 work, assuming it's actually doable, are
>> still for migrating a bitstring into two dependent bitstrings that
>> collide. This has significance for people who run CAs with sequential
>> serial numbers, or who want to tweak PDFs to project the future, or
>> create binary distributions that have and do not have malware. It's
>> serious *for* *those* *and* *similar* *cases*.
>
> I think you mean "no one has found any first or second preimage
> *attacks* for SHA-1". To the best of my knowledge, nobody has found
> SHA-1 collisions at all, either chosen or otherwise. The 2^52
> still theoretical, because while 2^52 hash operations is tractable
> WFO, it's still a formidable amount of work, and Cameron McDonald is

Thank you for the further clarification. You are correct.
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
-----END PGP SIGNATURE-----