Re: SHA-1 broken



Werner Koch <wk(_at_)gnupg(_dot_)org> wrote on 17 Feb 2005:

We should really start thinking on how to switch to a different hash
algorithm.  The question is whether sha-256 is really that much more
secure.  From my understanding it has not been developed as a
replacement for SHA-1 but to meet the requirements of AES and to
extend DSA.


While not being opposed to David's suggestion of a potential V5 key
with AES/SHA-256, I still can't see any real need for replacing SHA-1
in the near future.

What are the actual facts behind these "SHA-1 is broken" rumours?
Someone found a way to reduce the SHA-1 strenght by 11 binary digits.
This has the exact same effect as if someone boosted the current
processor speeds by a factor of 2096.

Does this mean that any 128 bit hash gets "broken" by building a
cluster of 2096 PCs?

Let us be realistic and avoid any panic mode. Quickly announcing
changes to the OpenPGP protocol is doing us a bad service as it
undermines public trust for no good reason at all.

The recent announcement of Jon Callas et al. was - in my eyes - not
helpful at all. It solved a non-existing problem (not one single
existing OpenPGP implementation suffered from the "oracle" effect),
and the result in the media (at least in Germany) was rather
catastrophic: Even the (normally pretty conservative) Heise Verlag
published panic articles that "all automatic encrypt/decrypt systems
based on OpenPGP are broken"!

So the actual effect of the announcement was that, while not fixing
any real security problem, it seriously caused a Public Relations
damage for crypto gateways like our "KT Mail gateway"
(www.redtenbacher.de/info/gateway.htm) or "PGP Universal" (from PGP
Inc.).

Please, let us stop making any "change announcements" to the public if
there is not an actual security problem to be solved!

- Wolfgang Redtenbacher

---------------------------------------------------------------------
Redtenbacher Software                Tel.:   +49 7159 17046
Roemerstr. 11/1                      Fax:    +49 7159 17047
D-71272 Renningen                    e-mail: wolfgang(_at_)redtenbacher(_dot_)de
---------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Re: SHA-1 broken, (continued) Re: SHA-1 broken, Ian G Re: SHA-1 broken, David Shaw Re: SHA-1 broken, Ian G Re: SHA-1 broken, David Shaw Re: SHA-1 broken, Werner Koch Re: SHA-1 broken, Ian G Re: SHA-1 broken, David Shaw Re: SHA-1 broken, Konrad Rosenbaum Re: SHA-1 broken, Konrad Rosenbaum Re: SHA-1 broken, Vlad \"SATtva\" Miller Re: SHA-1 broken, aboietf <= Re: SHA-1 broken, Ian G Re: SHA-1 broken, Jon Callas Re: SHA-1 broken, Lutz Donnerhacke Re: SHA-1 broken, Jon Callas Re: SHA-1 broken, Werner Koch The oracle weakness and the art of disclosure, Ian G Re: SHA-1 broken, Konrad Rosenbaum Re: SHA-1 broken, aboietf Re: SHA-1 broken, Werner Koch Re: SHA-1 broken, "Hal Finney"