Changes between Version 1 and Version 2 of HashFunctionReview

Timestamp:
Feb 20, 2008, 11:48:58 PM (10 years ago)
Author:
dkg
Comment:

--

  • HashFunctionReview

    v1 v2  
    33Thanks to the git focus at the hackday, our discussion of how
    44cryptographic weakness is related to bitlengths, and a couple of
    5 offline conversations with wiki:jrollins and enw, i've
     5offline conversations with [wiki:jrollins] and enw, i've
    66thought a lot more about SHA-1 over the last few days.
    77
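Review bot: the bracketed `[wiki:jrollins]` link on the modified line is not applied to `enw`, which stays plain text right beside it; if enw also has a wiki page, link it the same way so both names render consistently.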
     
    1515
    1616What is a hash function?  What makes a hash function
    17 cryptographically-good?  [http://www.iaik.tugraz.at/research/krypto/collision/SHA1CollisionBasics.php Collision-resistance and one-wayness are the
    18 two key criteria].
     17cryptographically-good?  [http://www.iaik.tugraz.at/research/krypto/collision/SHA1CollisionBasics.php Collision-resistance and one-wayness are the two key criteria].
    1918
    2019= How can a hash function fail? =
     
    3029This was quite famously done for MD5 (a once-widely-used hash
    3130function) about 4 years ago, and was cleverly demonstrated this year
    32 in a so-called "Nostradamus Attack" titled [http://www.win.tue.nl/hashclash/Nostradamus/ Predicting the winner of
    33 the 2008 US Presidential Elections using a Sony PlayStation 3].
     31in a so-called "Nostradamus Attack" titled [http://www.win.tue.nl/hashclash/Nostradamus/ Predicting the winner of the 2008 US Presidential Elections using a Sony PlayStation 3].
    3432
    3533Because of these attacks, MD5 is no longer taken seriously as a useful
     
    4846
    49472^69^ is still a very large number, and no actual collision has yet
    50 been found.  But there is [http://www.iaik.tugraz.at/research/krypto/collision/index.php ongoing work to find a single collision in
    51 SHA-1].
     48been found.  But there is [http://www.iaik.tugraz.at/research/krypto/collision/index.php ongoing work to find a single collision in SHA-1].
    5249
    5350
     
    6461produces a 512-bit hash (which means that a brute-force search for a
    6562single collision should have to examine 2^256^ items, which is a lot).
    66 `/usr/bin/sha512sum` is included in DebianPackage:coreutils.  And
     63`/usr/bin/sha512sum` is included in [DebianPackage:coreutils].  And
    6764there are other algorithms proposed, such as whirlpool (also a 512-bit
    68 hash, available in DebianPackage:whirlpool).
     65hash, available in [DebianPackage:whirlpool]).
    6966
    7067So what does this mean for git?  Very little for the underlying