[Monotone-devel] Re: SHA-1 Broken

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Monotone-devel] Re: SHA-1 Broken

From:	graydon hoare
Subject:	[Monotone-devel] Re: SHA-1 Broken
Date:	Tue, 15 Feb 2005 23:49:44 -0500
User-agent:	Mozilla Thunderbird 1.0 (X11/20041206)

Dean Kusler wrote:

I'm sure many of y'all have already seen this, but I hadn't seen itposted to the list yet. Preliminary details on Bruce Schneier's blog.
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
Of course, collision attacks probably aren't that important forMonotone's use of SHA-1, since you'd need to have a malicious personwith write access to your database, in which case you're probablyscrewed anyways.

you'd also need an attacker wealthy enough to scrape up 2^69 work units,in which case you're also probably screwed anyways.

but we should, as a matter of courtesy, update our standard hash tosomething stronger soon. as soon as there's a community consensus aboutwhich hash in particular represents "something stronger".

it's worth noting that any competing system which uses digitalsignatures as a security mechanism is equally weakened by this excitingdevelopment.


-graydon

[Prev in Thread]

Current Thread

[Next in Thread]

[Monotone-devel] SHA-1 Broken, Dean Kusler, 2005/02/15
- [Monotone-devel] Re: SHA-1 Broken, graydon hoare <=

Prev by Date: [Monotone-devel] SHA-1 Broken
Next by Date: Re: [Monotone-devel] Ideas and questions.
Previous by thread: [Monotone-devel] SHA-1 Broken
Next by thread: [Monotone-devel] Multiple projects and future commands
Index(es):
- Date
- Thread