Better crypto hash functions, long, with code

Paul Rubin http
Fri Aug 26 11:23:35 CEST 2005

Nice.  Note that the Sourceforge bug for this issue indicates that
something is already being done about it.  It just happens to have
been updated a day or so ago:

Note to skeptics: the attacks are pretty serious.  Here's a demo of a
meaningful possible fraud resulting from knowing just one md5
collision, possibly found by somebody else:

Something similar can be done with SHA1 if a collision gets published.
The work factor for finding an SHA1 collision is now down to O(2**63),
which is within range of a distributed internet search.

The md5 attack relies on md5's message-extension property (shared
by sha-1): if you find just one collision, you can easily generate an
"infinite" family of colliding messages.

Anyone know if the sha-2 hashes have that property?
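The property the post describes is a consequence of the Merkle-Damgård iterated construction: once two equal-length messages drive the internal chaining value to the same state, every block processed afterwards (including the padding, which is identical because the lengths match) keeps the states equal, so any common suffix gives another colliding pair. SHA-256 and SHA-512 are iterated hashes of the same shape, so they inherit it too. The following Python is an added illustration written for this page, not code from the post or from any real hash library: it builds a deliberately tiny toy Merkle-Damgård hash (16-bit state, 2-byte blocks, a constructed non-cryptographic compression function named `compress`) so that a collision can be found by brute force in milliseconds, then shows that appending the same suffix to both colliding messages keeps the digests equal, while a common prefix generally does not.

```python
"""Toy Merkle-Damgard hash illustrating the message-extension property:
one internal-state collision yields an unbounded family of collisions.
Constructed for this example; compress() is NOT cryptographic and the
16-bit state exists only so the birthday search finishes instantly."""
import struct
from itertools import count

STATE_BITS = 16
MASK = (1 << STATE_BITS) - 1
MASK32 = 0xFFFFFFFF
BLOCK_SIZE = 2          # bytes per message block
IV = 0x1234             # fixed initial chaining value (constructed)


def compress(state: int, block: bytes) -> int:
    """Toy compression function: mix (state, block) into a new 16-bit state."""
    w = int.from_bytes(block, "big")
    y = ((state << 16) | w) & MASK32
    for _ in range(4):
        y = (y * 0x9E3779B1 + 0x7F4A7C15) & MASK32   # LCG step
        y ^= y >> 15                                  # xorshift mixing
        y = ((y << 13) | (y >> 19)) & MASK32          # rotate left 13
    return (y ^ (y >> 16)) & MASK                     # fold to 16 bits


def chain(state: int, data: bytes) -> int:
    """Iterate the compression function over block-aligned data."""
    assert len(data) % BLOCK_SIZE == 0
    for i in range(0, len(data), BLOCK_SIZE):
        state = compress(state, data[i:i + BLOCK_SIZE])
    return state


def pad(msg: bytes) -> bytes:
    """MD strengthening: 0x80, zero fill to a block boundary, then bit length.
    The padding depends only on len(msg), which is why equal-length colliding
    prefixes stay colliding after any common suffix."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK_SIZE)
    return padded + struct.pack(">H", (8 * len(msg)) & MASK)


def toy_md(msg: bytes) -> int:
    """Full hash: pad, then run the chain from the fixed IV."""
    return chain(IV, pad(msg))


def find_collision(length: int = 4) -> tuple[bytes, bytes]:
    """Birthday search for two distinct equal-length messages whose
    *internal* chaining value (before padding) collides.  With a 16-bit
    state this needs only a few hundred trial messages."""
    seen: dict[int, bytes] = {}
    for i in count():
        m = i.to_bytes(length, "big")     # distinct message per i
        s = chain(IV, m)
        if s in seen:
            return seen[s], m
        seen[s] = m


def extends_to_family(m1: bytes, m2: bytes, suffixes) -> bool:
    """Message-extension property: every common suffix appended to the two
    colliding prefixes produces another pair with identical digests."""
    return all(toy_md(m1 + s) == toy_md(m2 + s) for s in suffixes)


def prefix_survives(m1: bytes, m2: bytes, prefix: bytes) -> bool:
    """Contrast case: a common *prefix* changes the starting state, so the
    collision is generally destroyed (it survives only by 1-in-2**16 luck)."""
    return toy_md(prefix + m1) == toy_md(prefix + m2)


if __name__ == "__main__":
    m1, m2 = find_collision()
    print("colliding prefixes:", m1.hex(), m2.hex(), "-> %04x" % toy_md(m1))
    # Two "documents" that share a boilerplate tail and differ only in the
    # colliding block hash identically, so a check of one vouches for both.
    tail = b" ... the bearer is owed 100 dollars."
    print("same digest with common tail:", toy_md(m1 + tail) == toy_md(m2 + tail))
    print("collision survives a common prefix:", prefix_survives(m1, m2, b"Dear Sir, "))
```

The defensive takeaway is the one the post draws: a single published collision for an iterated hash is not a one-off curiosity but a template, because only the colliding blocks need to be reused and everything after them can vary freely. Checking a document's digest against a known value therefore says nothing about which member of such a family you hold.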

