Reference for SHA-1 being broken

From: Edgar, Gerald <gerald.edgar@boeing.com>
Date: Wed, 13 Jan 2010 10:25:29 -0800
To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <AA2A6A44CDA6E04FA6C6963A13C5EB9062254C761F@XCH-NW-06V.nw.nos.boeing.com>
There is a presentation of the Crypto 2005 "Rump session" on SHA-1 at http://www.iacr.org/conferences/crypto2005/r/2.pdf
There is also a copy of the original paper at http://people.csail.mit.edu/yiqun/SHA1AttackProceedingVersion.pdf
The formal reference to Springer is stable, but if people search, they can find a copy they do not have to pay for, if that is the objection. 


Gerald Edgar, CISSP
Enterprise Architecture & Information Security

Cell: 425-503-3912

-----Original Message-----
From: public-xmlsec
Sent: Wednesday, January 13, 2010 9:08 AM
To: Peter Saint-Andre; Frederick Hirsch
Cc: public-xmlsec@w3.org
Subject: RE: Reference for SHA-1 being broken

Well as I understand it, the idea was to cite a detailed cryptographic analysis for those who wished such information. Given that it is not a normative reference, it seems reasonable to provide the reference. After all, people frequently buy books on computer subjects to increase their professional knowledge.

There are a number of problems with citing RFC 4270. First of all, it turns around and cites the Wang papers for details, so there is no improvement there. More importantly, it is seriously out of date. At the time it was written it was thought that collisions were the only problem. It has now been demonstrated that there are forging and key recovery attacks on the order of sqr(n).

Hal

> -----Original Message-----
> From: Peter Saint-Andre [mailto:Peter.SaintAndre@webex.com]
> Sent: Wednesday, January 13, 2010 11:49 AM
> To: Frederick Hirsch; Harold Lockhart
> Cc: public-xmlsec@w3.org
> Subject: Re: Reference for SHA-1 being broken
> 
> 
> Instead of linking to for-pay content, I still think it would be 
> appropriate to reference RFC 4270 <http://tools.ietf.org/html/rfc4270>
> 
> 
> On 1/13/10 8:26 AM, "Frederick Hirsch" <Frederick.Hirsch@nokia.com> wrote:
> 
> > thanks, I'll add this to the reference unless anyone objects.
> > 
> > regards, Frederick
> > 
> > Frederick Hirsch
> > Nokia
> > 
> > 
> > 
> > On Jan 13, 2010, at 10:19 AM, ext Harold Lockhart wrote:
> > 
> >> Here is a link, but you have to pay to get more than the abstract.
> >> 
> >> http://www.springerlink.com/content/26vljj3xhc28ux5m/
> >> 
> >> Hal
> >> 
> >>> -----Original Message-----
> >>> From: Frederick Hirsch [mailto:frederick.hirsch@nokia.com]
> >>> Sent: Tuesday, January 12, 2010 3:58 PM
> >>> To: Harold Lockhart
> >>> Cc: Frederick Hirsch; public-xmlsec@w3.org
> >>> Subject: Re: Reference for SHA-1 being broken
> >>> 
> >>> 
> >>> thanks. Is there a URL?
> >>> 
> >>> regards, Frederick
> >>> 
> >>> Frederick Hirsch
> >>> Nokia
> >>> 
> >>> 
> >>> 
> >>> On Jan 12, 2010, at 3:45 PM, ext Harold Lockhart wrote:
> >>> 
> >>>> Well Wang's team has published a bunch of papers in 2005 and their
> >>>> initial results merely weakened SHA-1, while completely breaking 
> >>>> MD-5. However this seems to be the paper which convinced everybody
> >>>> that SHA-1 had to be phased out in fairly short order:
> >>>> 
> >>>> 
> >>>> Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1.
> >>>> In Shoup, V., editor, Advances in Cryptology - CRYPTO 2005, 25th 
> >>>> Annual International Cryptology Conference, Santa Barbara, 
> >>>> California, USA, August 14-18, 2005, Proceedings, volume 3621 of 
> >>>> LNCS, pages 17-36.
> >>>> Springer, 2005.
> >>>> 
> >>>> 
> >>>> Hal
> >>>> 
> >>> 
> >>> 
> >>> 
> > 
> > 
> 
>
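The thread above is about which paper to cite for SHA-1 being broken; the practical consequence Hal draws, that SHA-1 "had to be phased out in fairly short order", is something an XML Signature implementer can enforce mechanically. The following is an added example, not code from this thread or from any W3C deliverable: it scans an XML Signature for the SHA-1-based algorithm identifiers (the standard xmldsig URIs for sha1, rsa-sha1, dsa-sha1 and hmac-sha1) and rejects the signature if any appear. The two sample signatures are constructed for the example, and their DigestValue and SignatureValue contents are placeholders, not real digests or signatures.

```python
"""Reject XML Signatures that still use SHA-1 algorithm identifiers.

Added example for the public-xmlsec thread on SHA-1; not W3C code.
It assumes the standard XML Signature / XML Encryption algorithm URIs.
"""
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Algorithm identifiers defined for XML Signature that depend on SHA-1.
# hmac-sha1 is included as a policy choice: the point is algorithm agility,
# so every SHA-1-based identifier is flagged, not only the collision-exposed ones.
SHA1_ALGORITHMS = {
    DSIG_NS + "sha1",
    DSIG_NS + "rsa-sha1",
    DSIG_NS + "dsa-sha1",
    DSIG_NS + "hmac-sha1",
}

# Constructed sample: a signature skeleton using SHA-1 for both the reference
# digest and the signature method. Base64 values are placeholders.
SAMPLE_SHA1_SIGNATURE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="#payload">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>AAAA</SignatureValue>
</Signature>"""

# Constructed sample: the same skeleton migrated to SHA-256 identifiers.
SAMPLE_SHA256_SIGNATURE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <Reference URI="#payload">
      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <DigestValue>47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>AAAA</SignatureValue>
</Signature>"""


def find_sha1_uses(signature_xml: str) -> list:
    """Return [(element_local_name, algorithm_uri), ...] for every SHA-1 use.

    Walks every element in document order and inspects its Algorithm
    attribute, so DigestMethod, SignatureMethod and any other
    algorithm-bearing element (e.g. inside Transforms) are all covered.
    """
    root = ET.fromstring(signature_xml)
    hits = []
    for elem in root.iter():
        algorithm = elem.get("Algorithm")
        if algorithm in SHA1_ALGORITHMS:
            local_name = elem.tag.split("}", 1)[-1]  # strip the namespace
            hits.append((local_name, algorithm))
    return hits


def accept_signature_algorithms(signature_xml: str) -> bool:
    """Policy gate: True only if no SHA-1-based algorithm identifier is present.

    This check runs before any cryptographic verification; a signature that
    fails it is rejected without ever computing a digest.
    """
    return not find_sha1_uses(signature_xml)


if __name__ == "__main__":
    for label, doc in (("sha1", SAMPLE_SHA1_SIGNATURE),
                       ("sha256", SAMPLE_SHA256_SIGNATURE)):
        print(label, "accepted" if accept_signature_algorithms(doc) else "rejected",
              find_sha1_uses(doc))
```

The gate runs before any digest or signature computation, so the migration cost is confined to the policy set: adding or removing an identifier changes what a verifier accepts without touching the verification code. A verifier that wants to be stricter can invert the logic and maintain an allow-list of acceptable identifiers instead of a deny-list of SHA-1 ones.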
Received on Wednesday, 13 January 2010 18:26:09 GMT