LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The SHA successors, for now

The SHA successors, for now

Posted Aug 18, 2004 18:25 UTC (Wed) by mkettler (guest, #3933)
In reply to: The SHA successors, for now by jvotaw
Parent article: Crypto researchers abuzz over flaws (News.com)

Not necessarily. The design of SHA-256, etc, is the same as SHA-1. Thus, an algorithmic weakness in one is likely to be present in the other. The Ch(x,y,z) and Maj (x,y,z) that are the heart of the hash are the same for both.

The longer hash output makes SHA-256, etc, stronger against birthday attacks, but for algorithmic attacks you're not guaranteed any extra security over SHA1. You might increase the complexity, you might not. It depends on what part of the math gets attacked.

You can check for yourself reading FIPS-180-2:

http://csrc.nist.gov/publications/fips/fips180-2/fips180-...

(Log in to post comments)

The SHA successors, for now

Posted Aug 18, 2004 19:30 UTC (Wed) by jvotaw (subscriber, #3678) [Link]

I can believe that. This stuff is way over my head -- I should've emphasized the "hopefully" in my original message.

I was thinking of cases where people demonstrate a weakness in, say, a 9-round variant of an encryption algorithm, but feel safe with a 12- or 16-round variant, and was thinking the same thing *might* apply here.

But again, I'm way out of my depth.

-Joel

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds