-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On May 5, 2009, at 12:18 PM, Daniel Franke wrote:
Jon Callas <jon(_at_)callas(_dot_)org> writes:
Adi Shamir has pointed out for years now that no one has found *any*
first or second preimage collision for SHA1. I'll shill for him here.
The new results for 2^52 work, assuming it's actually doable, are
still for migrating a bitstring into two dependent bitstrings that
collide. This has significance for people who run CAs with sequential
serial numbers, or who want to tweak PDFs to project the future, or
create binary distributions that have and do not have malware. It's
serious *for* *those* *and* *similar* *cases*.
I think you mean "no one has found any first or second preimage
*attacks* for SHA-1". To the best of my knowledge, nobody has found any
SHA-1 collisions at all, either chosen or otherwise. The 2^52 result is
still theoretical, because while 2^52 hash operations is tractable for a
WFO, it's still a formidable amount of work, and Cameron McDonald is not
a WFO.
Thank you for the further clarification. You are correct.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII
wj8DBQFKALAQsTedWZOD3gYRAtQVAJ9bLVO5G5yS5oiCWb5KbWCGibNsEACeMwb3
B/qMAwa5oxwg1q7DJ/aXuww=
=OUoa
-----END PGP SIGNATURE-----