question regarding relative security of md5 vs sha1

John Clizbe JPClizbe@comcast.net
Thu Sep 11 09:40:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John J. Courie II wrote:

> so let me get this straight, if moore's law is 'true' than a mathmetical
> analysis of hash sizes will result in it being ~30 years before md5 will
> be susceptible to bf/dict/b-day attacks, but it will be about about 80
> before sha1 will be susceptible to cracks of that level.  I know this is
> sort of OT but I couldn't think of anyone more qualified than the
> experts of the crypto software I am using.

IANAM, but that sounds about right. IIRC, Moore's "Law" was more an
empirical observation than outright scientific law. The other
consideration besides raw CPU power is the huge amount of storage required
for any attacks that relie on known plaintexts.

BTW, where can your key be found?

- --
John P. Clizbe                   Inet:   JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
  "Most men take the straight and narrow. A few take the road less
traveled.  I chose to cut through the woods."
"*Hundreds* of customers like and use $CO's Unix products."
    - Darl McBride, CEO Caldera/$CO Group
(This .sig block was sponsored by IBM. All hail IBM.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/YCb+HQSsSmCNKhARAlgOAKDW22iwvrKXw2CfB9SvP9Kmd9m24ACg2A5t
QW7iSuDzhLaUXKrcHRYpiGU=
=K4PW
-----END PGP SIGNATURE-----