Bruno Wolff III wrote:
> On Wed, Sep 08, 2004 at 00:33:39 -0400,
> Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
>>I've been hearing rumblings that MD5 and all other known crypto
>>protocols are known vulnerable since the latest crypto symposiums.
>>(Not that we didn't all suspect the NSA et al could break 'em, but
>>now they've told us exactly how they do it.)
>
>
> Things aren't currently that bad. So far people have found a way to find
> two strings that give the same hash using MD5. They haven't yet found a way
> to find a string which hashes to a given hash. SHA-0 was also shown to
> have some weakness. From comments I have read, I don't think SHA-1 was
> shown to have any weaknesses. One comment specifically mentioned that
> the change made between SHA-0 and SHA-1 seems to have been made to address
> the weakness found in SHA-0. I haven't read the source papers, so take this
> all with a grain of salt.
Well, when SHA-0 was ready NSA suggested to apply some changes in order to
correct some flaw discovered and SHA-1 comes out, interesting NSA never wrote
which flaw was corrected!
May be SHA-1 is trasparent water to NSA eyes :-)
I'm sure this entire thread will be stored somewhere else then archives...
Regards
Gaetano Mendola
