
Re: I don't think that collides the way you think it does





On May 5, 2009, at 12:18 PM, Daniel Franke wrote:

> Jon Callas <jon@xxxxxxxxxx> writes:
>
>> Adi Shamir has pointed out for years now that no one has found *any*
>> first or second preimage collision for SHA1. I'll shill for him here.
>>
>> The new results for 2^52 work, assuming it's actually doable, are
>> still for migrating a bitstring into two dependent bitstrings that
>> collide. This has significance for people who run CAs with sequential
>> serial numbers, or who want to tweak PDFs to project the future, or
>> create binary distributions that have and do not have malware. It's
>> serious *for* *those* *and* *similar* *cases*.
>
> I think you mean "no one has found any first or second preimage
> *attacks* for SHA-1".  To the best of my knowledge, nobody has found
> any SHA-1 collisions at all, either chosen or otherwise.  The 2^52
> result is still theoretical, because while 2^52 hash operations is
> tractable for a WFO, it's still a formidable amount of work, and
> Cameron McDonald is not a WFO.

Thank you for the further clarification. You are correct.

	Jon

