This is short and to the point... Decius wrote: ] ] Where does this leave us? MD5 is fatally wounded; its ] ] use will be phased out. SHA-1 is still alive but the ] ] vultures are circling. A gradual transition away from ] ] SHA-1 will now start. The first stage will be a debate ] ] about alternatives, leading (I hope) to a consensus among ] ] practicing cryptographers about what the substitute will ] ] be. ] ] Answer, not a 5 alarm fire, but if you write or maintain ] cryptography code you can still expect some work coming up. Hal Finney has posted a nice writeup of Joux's SHA-0 result to the cryptography list. The implications are pretty significant for CHF design... "Nevertheless, Joux's results cast doubt on the very strategy of building hashes out of iterating compression functions. It appears that there is no hope of creating hashes in this way which approximate the theoretical model of a random function, which is the usual design goal for hash functions. This will probably further motivate researchers to explore new directions in hash function design." http://www.mail-archive.com/cryptography%40metzdowd.com/msg02611.html RE: Followup on SHA-1 break |