[Python-Dev] SHA-256 module

Michael Hudson mwh at python.net
Sun Sep 12 18:02:04 CEST 2004


Tim Peters <tim.peters at gmail.com> writes:

> [Michael Hudson, on 30 June 2004]
>>> Nevertheless, am I right to still believe that there are no known
>>> distinct strings which even MD5 to the same hash?
>
> [Andrew Kuchling]
>> Correct.
>
> And two months later, the world is all different again:

Heh, I'd already blogged about that:

http://starship.python.net/crew/mwh/blog/nb.cgi/view/weblog/2004/08/18/0

> """
> import md5
>
> S = ('\xd11\xdd\x02\xc5\xe6\xee\xc4i=\x9a\x06\x98\xaf\xf9\\'
>      '/\xca\xb5\x87\x12F~\xab@\x04X>\xb8\xfb\x7f\x89U\xad4'
>      '\x06\t\xf4\xb3\x02\x83\xe4\x88\x83%qAZ\x08Q%\xe8\xf7'
>      '\xcd\xc9\x9f\xd9\x1d\xbd\xf2\x807<[\x96\x0b\x1d\xd1'
>      '\xdcA{\x9c\xe4\xd8\x97\xf4ZeU\xd55s\x9a\xc7\xf0\xeb'
>      '\xfd\x0c0)\xf1f\xd1\t\xb1\x8fu\'\x7fy0\xd5\\\xeb"'
>      '\xe8\xad\xbay\xcc\x15\\\xedt\xcb\xdd_\xc5\xd3m\xb1'
>      '\x9b\n\xd85\xcc\xa7\xe3')
>
> T = ('\xd11\xdd\x02\xc5\xe6\xee\xc4i=\x9a\x06\x98\xaf\xf9\\'
>      '/\xca\xb5\x07\x12F~\xab@\x04X>\xb8\xfb\x7f\x89U\xad4'
>      '\x06\t\xf4\xb3\x02\x83\xe4\x88\x83%\xf1AZ\x08Q%\xe8\xf7'
>      '\xcd\xc9\x9f\xd9\x1d\xbdr\x807<[\x96\x0b\x1d\xd1\xdcA{'
>      '\x9c\xe4\xd8\x97\xf4ZeU\xd55s\x9aG\xf0\xeb\xfd\x0c0)'
>      '\xf1f\xd1\t\xb1\x8fu\'\x7fy0\xd5\\\xeb"\xe8\xad\xbayL'
>      '\x15\\\xedt\xcb\xdd_\xc5\xd3m\xb1\x9b\nX5\xcc\xa7\xe3')
>
> assert S != T
> print md5.new(S).hexdigest()
> print md5.new(T).hexdigest()
> print "oops"
> """
>
> A number of hash functions got cracked since this thread started, by
> some researchers in China:
>
>     http://eprint.iacr.org/2004/199.pdf

Is there any resource that explains these guys' results any more fully?
The only examples I've seen only differ in a very few bits.

> MD5 is truly dead now for "secure" applications.

I'd say it's resting :)

> Maybe someone who gives a rip <wink> could update the docs.

> Best I understand it, SHA-1 still stands, although a variant with half
> the rounds has been cracked.  It does increase the desirability (IMO)
> of adding SHA-256, lest SHA-1 get cracked too while Python 2.4.j is
> still current.

I'm hardly an expert, but I'd still like to know more about this
attack.  If it's as limited as it could possibly be (i.e. it can only
make very specific strings differing by a handful of bits hash the
same) then it's only an issue for the paranoid.  If it's as wide as it
could possibly be it seems that all hash functions we currently know
could be doomed.

Cheers,
mwh

-- 
  Q: Isn't it okay to just read Slashdot for the links?
  A: No. Reading Slashdot for the links is like having "just one hit"
     off the crack pipe.
     -- http://www.cs.washington.edu/homes/klee/misc/slashdot.html#faq
