[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: problems with SHA-1

Mark Eichin wrote:

>> IBM developed a cypher called "lucifer".  The NSA examined it,
>> recommended some changes to the algorithm, and the result was DES.
>Changes which, we now know, *strengthened* it against differential
>cryptanalysis (which they new about in the 70's, and called the
>"sliding attack", if I remember Copperfield's comments correctly...)

This is getting dangerously off-topic, but...

The original IBM Lucifer cypher had 128 bits of key size.  The NSA
strengthened the S-boxes against differential cryptanalysis (but NOT
against linear cryptanalysis, they either didn't know about that or they
knew about another attack), and they reduced the key size to 56 bit so
they could crack it with brute force in massively parallell hardware.

The result - for a time - was that it took a lot of capital investment
to crack DES.  Check out Schneier for details.

>Also note that although SHA predated the MD5 attack mentioned here,
>didn't SHA-1 (with a change from a shift to a rotate in one place, or
>something subtle like that) come later?

The FIPS standard specifying SHA-1 came from the autumn of 1995, but
the algorithm was published in 1994.  Dobbertin published his first
papers in early 1995.

SHA-1 seems to have been introduced because of an attack on SHA.  What
attack this was has been kept secret :-(
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: