[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MD5, SHA-1, RIPEMD, etc.



Colin Plumb wrote:

>Actually, MD5 is still holding up, but Dobbertin has indeed dented it.
>Frankly, it would take a *hell* of a determined attacker to manage
>to turn it into a successful securitty exploit if it's used for
>file checksums.

I agree here.  Still, it's probably better to move away from MD5 if
there are no serious consequences in doing so.  We don't know the
current state of the art in cracking secure hashes, and for some
applications, like the web of trust for PGP keys, MD5 should already
should be considered inappropriate.

>SHA's GFSR implementation means that any two inputs will have a large
>Hamming distance in the scheduled key, i.e. lots of rounds will have
>their keys altered.  The "bug fix" in SHA-1 further increases this
>tendency.

Is anybody aware of WHAT attack this fix was against?

>I have no fear of RIPEMD-160; it's certainly strong, but it's also
>slower than necessary and has more unproven techniques, and I don't
>quite see the reason to put up with that.

Using the reference you provided, I got around three Megabytes/ CPU
second on a P133 with RIPEMD-160 (using pgcc -O6, I confess :-)  How
fast is SHA-1 in comprarison?
-- 
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .


Reply to: