Daily Archive for February 16th, 2005

pimp my own page

Yay! The paper “Why not bomb them today? - Das politische Wirken John von Neumanns” 46halbe and I wrote was linked by wreck tide. It’s good to know that other people find our stuff interesting.

In related news: I mirrored the site 46halbe made. A pdf will be available soon.

Oh, great…

“SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. [...] It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn’t affect applications such as HMAC where collisions aren’t important).”

[Schneier on Security via /. ]

Does anyone know if RIPEMD160 is secure?
Edit: I asked that question 'cause my GnuPG has three hash functions and this is the only one not compromised. Of course Wikipedia knows it all:

“It is an improved version of RIPEMD, which in turn was based upon the design principles used in MD4, and is similar in both strength and performance to the more popular SHA-1.”

However: “RIPEMD-160 was designed in the open academic community, in contrast to the NSA-designed algorithm, SHA-1. On the other hand, RIPEMD-160 is a less popular and correspondingly less well-studied design.”

Edit2: Hmm. I’m not really sure how to use RIPEMD-160 with Enigmail and if other OSes are capable of working with that. I’ll keep you posted.

[source]

I think there should be a [security] category.
Edit2: Changed category [coding] to [security] cause Gossip heeded my request. Thx!

Edit3: For all Enigmail-users:
“GnuPG hash algorithm (currently only 1 supported!)
user_pref("extensions.enigmail.mimeHashAlgorithm",1);

UI: Enigmail > preferences > PGP/MIME; Hash algorithm
Default set to SHA1.
MD5 and RIPEMD160 are available for selection but will not work currently”

[Source]

Also, heise.de says that this is not usable in practice. Also, the results one would get are far from resembling a systematic manipulation.

Edit4: All is well, at least for now. According to another article at heise.de even a cluster of specialized overclocked machines would compute for “some” years before finding a collision (two texts which would have the same hash). A counterfeit of a real signature would require a ‘preimage’ attack which would take even longer.

I’ll close this post with Bruce Schneier’s conclusion: “For the average Internet user, this news is not a cause for panic. No one is going to be breaking digital signatures or reading encrypted messages anytime soon. The electronic world is no less secure after these announcements than it was before. [...] Jon Callas, PGP’s CTO, put it best: “It’s time to walk, but not run, to the fire exits. You don’t see smoke, but the fire alarms have gone off.” [...] The Chinese cryptographers deserve a lot of credit for their work, and we need to get to work replacing SHA.”

Edited on Feb 21st 2005, 13:12 by jeck
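
An added illustration, not part of the original post or of the sources it quotes: the gap between finding a collision and forging against one fixed, already-signed digest (Edit4 above), measured on SHA-1 truncated to 20 bits so that both searches finish quickly. The truncation width, the function names and the sample messages are assumptions made for this example.

```python
import hashlib
from itertools import count

BITS = 20  # assumed toy digest width; real SHA-1 outputs 160 bits


def toy_hash(msg: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of SHA-1(msg): a deliberately weak stand-in hash."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") >> (160 - bits)


def find_collision(bits: int = BITS):
    """Birthday search: ANY two different messages with the same digest.
    Expected cost is about 2**(bits/2) hash calls."""
    seen = {}
    for i in count():
        msg = b"draft-%d" % i            # constructed candidate messages
        h = toy_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1   # (first, second, hashes computed)
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int = BITS):
    """Forgery search: a different message matching ONE FIXED digest, which
    is what reusing an existing signature needs. Expected cost ~ 2**bits."""
    want = toy_hash(target, bits)
    for i in count():
        msg = b"forged-%d" % i
        if msg != target and toy_hash(msg, bits) == want:
            return msg, i + 1            # (forged message, hashes computed)


if __name__ == "__main__":
    a, b, n_coll = find_collision()
    signed = b"signed mail body (constructed sample)"
    forged, n_pre = find_second_preimage(signed)
    print(f"collision after {n_coll} hashes: {a!r} / {b!r}")
    print(f"second preimage after {n_pre} hashes: {forged!r}")
    print(f"forgery cost / collision cost = {n_pre / n_coll:.0f}x")
```

At the full 160 bits the same two estimates are roughly 2^80 and 2^160 hash calls; the attack the post discusses lowers only the first of these.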

casual display of power

Today was the last lecture of ‘history of computing’. And again the prof gave an example of his vast knowledge: In one sentence he made a connection between GNU/Linux, anarchy/communism and the Spanish civil war. And it even makes sense…

In the supermarket I had a flash of precognitive perception. While emptying my shopping cart I suddenly knew that when I’m finished there’ll be a man who would want to get my cart without realising that he has to pass the entrance before getting one. Well, what should I say. As I was finished packing, there was a man who…

Edited on Feb 16th 2005, 06:33 by jeck