ietf-openpgp

Re: NIST publishes new DSA draft

2006-03-14 15:44:33

Hi, James - I'm afraid you are off by a year on that.  Those reports
were from 2005, not 2006.  They have been intensively discussed here and
elsewhere in the cryptographic community.  Indeed, those findings are a
good part of why I was proposing making SHA-256 a MUST, along with the
fact that this hash will now be able to be used with DSS signatures.

Hal Finney

We might want to think about making SHA-256 be another MUST algorithm.
The only MUST hash now is SHA-1.  Making SHA-256 be a MUST would make
these new key sizes be more useful, and also give us an easier fallback
if SHA-1 should be broken.

SHA-1 was broken last month by three Chinese cryptographers, as reported 
by Bruce Schneier through his website.  On February 15, 2006 he wrote of 
a new cryptographic result, an attack faster than brute-force against 
SHA-1.  Two days later he wrote an update to his original post and a 
quote from within it:

Earlier this week, three Chinese cryptographers showed that SHA-1 is not 
collision-free. That is, they developed an algorithm for finding collisions
faster than brute force.

...

They can find collisions in SHA-1 in 2^69 calculations, about 2,000 times
faster than brute force. Right now, that is just on the far edge of 
feasibility with current technology. Two comparable massive computations 
illustrate that point.

Reference URL (02/18/2006): http://tinyurl.com/4rl78
Original post (02/15/2006): http://tinyurl.com/4bmcc

With respect to your suggestion about thinking about making SHA-256 a MUST 
algorithm, I couldn't agree more.

Cheers,

James

-- 
James Couzens,
Programmer
 ___ __  __  ___ 
| __|  \/  |/ __| The Electric Mail Company
| _|| |\/| | (__  Managed, Secure Email Services
|___|_|  |_|\___| http://www.electricmail.com
                  Direct Line: 604.482.1111 x152
--------------------------------------------------
PGP Key Fingerprint:
B2EF B741 1807 2F24 8B70  F89B 03D2 6CFF C52F 0052