Re: SHA and SHA-1 algorithms

Paulo Barreto (pbarreto@nw.com.br)
Mon, 29 Jun 1998 23:53:20 -0300

• Next message: Perry E. Metzger: "Re: truncated hashes"
• Previous message: Paulo Barreto: "Re: Cryptanalysis (was Re: TEA (was Re: filesystem encryption))"
• In reply to: Perry E. Metzger: "Re: Cryptanalysis (was Re: TEA (was Re: filesystem encryption))"

At 14:12 1998.06.29 +1000, Greg Rose wrote:

>The difference is that the left rotate (called a circular left shift in
>FIPS 180-1, http://csrc.nist.gov/fips/fip180-1.txt), has been added to
>the round function. There was no reason given for this change at the
>time, but one assumes it is because the NSA found an attack on it,

I've heard that the attack has been rediscovered and will be made public at
Crypto'98 in August (it's something called "differential collisions" --
note that the left rotate destroys bit alignment in the input while SHA-0
kept it; maybe that's the basis for the new attack).

Regards,

Paulo.

• Next message: Perry E. Metzger: "Re: truncated hashes"
• Previous message: Paulo Barreto: "Re: Cryptanalysis (was Re: TEA (was Re: filesystem encryption))"
• In reply to: Perry E. Metzger: "Re: Cryptanalysis (was Re: TEA (was Re: filesystem encryption))"