SHA1 broken?

James A. Donald jamesd at echeque.com
Wed Feb 16 14:44:42 PST 2005


    --
> There is however a huge problem replacing SHA-1 by something
> else from now to tomorrow: Other algorithms are not as well
> analyzed and compared against SHA-1 as for example AES to
> DES are; so there is no immediate successor of SHA-1 of whom
> we can be sure to withstand the possible new techniques.
> Second, SHA-1 is tightly integrated in many protocols without
> a fallback algorithm (OpenPGP: fingerprints, MDC, default
> signature algorithm and more).

They reduced the break time of SHA1 from 2^80 to 2^69.

Presumably they will succeed in reducing the break time of
SHA256 from 2^128 to a mere 2^109 or so.

So SHA256 should be OK.

2^69 is damn near unbreakable.  2^80 is really unbreakable. 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     IQqit8pqSokARYxy1xVLrTaVRSKMAGvz2MXbQqXi
     4DAQZgw0sbP3OcD3kgO+x7f+VfsPD4E8EBsB96d/D




