Re: SHA and SHA-1 algorithms

lcs Mixmaster Remailer (mix@anon.lcs.mit.edu)
6 Jul 1998 17:40:06 -0000

• Next message: Ben Laurie: "Re: Random Data from Geiger Counter"
• Previous message: Perry E. Metzger: "Re: Random Data from Geiger Counter"
• In reply to: William H. Geiger III: "Random Data from Geiger Counter"

> >The difference is that the left rotate (called a circular left shift in
> >FIPS 180-1, http://csrc.nist.gov/fips/fip180-1.txt), has been added to
> >the round function. There was no reason given for this change at the
> >time, but one assumes it is because the NSA found an attack on it,
>
> I've heard that the attack has been rediscovered and will be made public at
> Crypto'98 in August (it's something called "differential collisions" --
> note that the left rotate destroys bit alignment in the input while SHA-0
> kept it; maybe that's the basis for the new attack).

ftp://ftp.ens.fr/pub/dmi/users/chabaud/sha.ps is a pre-release of the
paper for Crypto 98.

• Next message: Ben Laurie: "Re: Random Data from Geiger Counter"
• Previous message: Perry E. Metzger: "Re: Random Data from Geiger Counter"
• In reply to: William H. Geiger III: "Random Data from Geiger Counter"