The SHA successors, for now

Posted Aug 18, 2004 17:55 UTC (Wed) by jvotaw (subscriber, #3678)
In reply to: Crypto researchers abuzz over flaws (News.com) by hamjudo
Parent article: Crypto researchers abuzz over flaws (News.com)

I'm sure Bruce Schneier will comment on this in the next Crypto-Gram, but my guess is: SHA-256, SHA-384 and SHA-512; they were designed after SHA-1 and hopefully are not susceptible.

-Joel

The SHA successors, for now

Posted Aug 18, 2004 18:25 UTC (Wed) by mkettler (guest, #3933) [Link]

Not necessarily. The design of SHA-256, etc., is the same as SHA-1. Thus, an algorithmic weakness in one is likely to be present in the other. The Ch(x,y,z) and Maj(x,y,z) that are the heart of the hash are the same for both.

The longer hash output makes SHA-256, etc., stronger against birthday attacks, but for algorithmic attacks you're not guaranteed any extra security over SHA-1. You might increase the complexity, you might not. It depends on what part of the math gets attacked.

You can check for yourself reading FIPS-180-2:

http://csrc.nist.gov/publications/fips/fips180-2/fips180-...
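The point above, that SHA-1 and SHA-256 are built from the same Ch and Maj functions and the same Merkle-Damgard padding, is easiest to see by writing both hashes against FIPS 180-2. The following is an added example written for this thread, not code from the commenters or from NIST: one Ch, one Maj, one padding routine, and two compression functions, with the SHA-256 constants derived from the cube and square roots of the first primes exactly as the standard specifies. What differs between the two is the message schedule, the round count, and SHA-256's extra rotation mixing; the nonlinear core is shared.

```python
"""SHA-1 and SHA-256 from FIPS 180-2, sharing Ch, Maj and padding.
Added example; verified against hashlib in matches_hashlib()."""
import hashlib
import math
import struct

MASK32 = 0xFFFFFFFF


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK32


# FIPS 180-2 section 4.1: Ch and Maj are defined once and used by both hashes.
def Ch(x, y, z):
    return (x & y) ^ ((~x & MASK32) & z)


def Maj(x, y, z):
    return (x & y) ^ (x & z) ^ (y & z)


def Parity(x, y, z):  # SHA-1 only (rounds 20-39 and 60-79)
    return x ^ y ^ z


def pad(message):
    """Section 5.1.1 padding, identical for SHA-1 and SHA-256."""
    bit_len = len(message) * 8
    message += b"\x80"
    message += b"\x00" * ((56 - len(message) % 64) % 64)
    return message + struct.pack(">Q", bit_len)


def first_primes(n):
    primes, cand = [], 2
    while len(primes) < n:
        if all(cand % p for p in primes):
            primes.append(cand)
        cand += 1
    return primes


def icbrt(n):
    """Exact integer cube root, so the constants are not subject to float error."""
    x = int(round(n ** (1 / 3)))
    while x ** 3 > n:
        x -= 1
    while (x + 1) ** 3 <= n:
        x += 1
    return x


# Section 4.2.2 / 5.3.2: K = frac(cbrt(prime)) and H0 = frac(sqrt(prime)), first 32 bits.
SHA256_K = [icbrt(p << 96) & MASK32 for p in first_primes(64)]
SHA256_H0 = [math.isqrt(p << 64) & MASK32 for p in first_primes(8)]
SHA1_K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)


def sha1(message):
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    padded = pad(message)
    for off in range(0, len(padded), 64):
        w = list(struct.unpack(">16L", padded[off:off + 64]))
        for t in range(16, 80):
            w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):  # Ch for 0-19, Maj for 40-59, Parity otherwise
            f = Ch(b, c, d) if t < 20 else Parity(b, c, d) if t < 40 else \
                Maj(b, c, d) if t < 60 else Parity(b, c, d)
            tmp = (rotl(a, 5) + f + e + SHA1_K[t // 20] + w[t]) & MASK32
            a, b, c, d, e = tmp, a, rotl(b, 30), c, d
        h = [(x + y) & MASK32 for x, y in zip(h, (a, b, c, d, e))]
    return b"".join(struct.pack(">L", x) for x in h)


def sha256(message):
    h = list(SHA256_H0)
    padded = pad(message)
    for off in range(0, len(padded), 64):
        w = list(struct.unpack(">16L", padded[off:off + 64]))
        for t in range(16, 64):
            s0 = rotr(w[t - 15], 7) ^ rotr(w[t - 15], 18) ^ (w[t - 15] >> 3)
            s1 = rotr(w[t - 2], 17) ^ rotr(w[t - 2], 19) ^ (w[t - 2] >> 10)
            w.append((w[t - 16] + s0 + w[t - 7] + s1) & MASK32)
        a, b, c, d, e, f, g, hh = h
        for t in range(64):  # Ch and Maj in every round, same functions as SHA-1
            S1 = rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)
            t1 = (hh + S1 + Ch(e, f, g) + SHA256_K[t] + w[t]) & MASK32
            S0 = rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)
            t2 = (S0 + Maj(a, b, c)) & MASK32
            a, b, c, d, e, f, g, hh = (t1 + t2) & MASK32, a, b, c, (d + t1) & MASK32, e, f, g
        h = [(x + y) & MASK32 for x, y in zip(h, (a, b, c, d, e, f, g, hh))]
    return b"".join(struct.pack(">L", x) for x in h)


def matches_hashlib(message):
    """True when both hand-written hashes agree with the library for this input."""
    return (sha1(message) == hashlib.sha1(message).digest()
            and sha256(message) == hashlib.sha256(message).digest())


if __name__ == "__main__":
    print(sha1(b"abc").hex(), sha256(b"abc").hex(), matches_hashlib(b"a" * 200))
```

Running it against `b"abc"` reproduces the standard's test vectors, and the multi-block check exercises the padding path. Reading the two compression loops side by side makes the commenter's point concrete: the thing an algorithmic attack would target is the same Ch/Maj structure in both, while the wider state and output of SHA-256 only change the birthday-bound arithmetic.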

The SHA successors, for now

Posted Aug 18, 2004 19:30 UTC (Wed) by jvotaw (subscriber, #3678) [Link]

I can believe that. This stuff is way over my head -- I should've emphasized the "hopefully" in my original message.

I was thinking of cases where people demonstrate a weakness in, say, a 9-round variant of an encryption algorithm, but feel safe with a 12- or 16-round variant, and was thinking the same thing *might* apply here.

But again, I'm way out of my depth.

-Joel

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds