Better crypto hash functions, long, with code

Paul Rubin
Fri Aug 26 11:23:35 CEST 2005


Nice.  Note that the Sourceforge bug for this issue indicates that
something is already being done about it.  It just happens to have
been updated a day or so ago:

  https://sourceforge.net/tracker/?func=detail&atid=355470&aid=1123660&group_id=5470

Note to skeptics: the attacks are pretty serious.  Here's a demo of a
meaningful possible fraud resulting from knowing just one md5
collision, possibly found by somebody else:

  http://www.cits.rub.de/imperia/md/content/magnus/rump_ec05.pdf

Something similar can be done with SHA1 if a collision gets published.
The work factor for finding an SHA1 collision is now down to O(2**63),
which is within range of a distributed internet search.

The md5 attack relies on the md5's message-extension property (shared
by sha-1): if you find just one collision, you can easily generate an
"infinite" family of colliding messages.

Anyone know if the sha-2 hashes have that property?
