Replacement for SHA1 (SHA256 or SHA512)

Ron Teitelbaum Ron at USMedRec.com
Mon Oct 10 18:02:48 UTC 2005


Cees,

I totally agree. My application is not affected by this problem since SHA1
is only being used to achieve a random distribution of data. I think that
it would also be very difficult to use the results of this break to attack
anything useful. I hate to go down this road again, but the fact that
there is any break in the SHA1 protocol means that it should not be used.
Schneier has suggested for some time now that it should have been replaced,
and his suggestion is to move to SHA256 for the short term. Just putting
the word SHA1 in my documentation could be risky, even if it represents no
risk at all.

Ron

-----Original Message-----
From: Cees De Groot [mailto:cdegroot at gmail.com] 
Sent: Monday, October 10, 2005 4:00 AM
To: Ron at usmedrec.com; The general-purpose Squeak developers list
Subject: Re: Replacement for SHA1 (SHA256 or SHA512)

On 10/10/05, Ron Teitelbaum <Ron at usmedrec.com> wrote:
> I noticed the implementation of SHA1, but considering that it has been
> broken [...]

I don't know the details of this - haven't been following crypto stuff
too much lately - but if you're worried about SHA1, you can always use
SHA1+MD5 (just use both algos and concatenate them); it's extremely
unlikely that there are cases for which both algorithms are
broken/collide...

(update - I read Schneier's post -
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html. I
think it is all too theoretical right now. For digital signatures,
even if you can find a collision - which requires a huge number of
operations - it is extremely unlikely that the collision represents a
valid document. And, as Schneier remarks, if you use an HMAC-style
algorithm, the results aren't relevant at all. As usual, the protocol
is as important as the underlying algorithms...)
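
The three ideas in this exchange (moving from SHA1 to SHA256, Cees's SHA1+MD5 concatenation, and keyed HMAC use) as an added example in Python; this is not code from the thread or from Squeak, and the `algo$hexdigest` tag format, the function names and the accepted-algorithm list are this example's own choices:

```python
"""Added example (not from the thread): a labelled-digest helper for moving an
application from SHA-1 to SHA-256, as the subject line proposes, together with
the concatenation and HMAC constructions Cees mentions. The 'algo$hex' tag
format and all names here are this example's own assumptions."""
import hashlib
import hmac

# Algorithms the verifier still accepts; only PREFERRED is used for new tags.
PREFERRED = "sha256"
ACCEPTED = ("sha256", "sha512", "sha1")   # sha1 kept only to read old data


def tag_digest(data: bytes, algo: str = PREFERRED) -> str:
    """Return 'algo$hexdigest' so stored values and documentation name the
    algorithm explicitly, which makes a later migration a data-driven step."""
    if algo not in ACCEPTED:
        raise ValueError(f"unsupported hash: {algo}")
    return f"{algo}${hashlib.new(algo, data).hexdigest()}"


def verify_digest(data: bytes, tagged: str) -> tuple[bool, bool]:
    """Return (matches, needs_rehash). needs_rehash is True when the stored tag
    uses an accepted but deprecated algorithm, so the caller can re-tag it."""
    algo, _, hexdigest = tagged.partition("$")
    if algo not in ACCEPTED:
        return (False, False)
    expected = hashlib.new(algo, data).hexdigest()
    matches = hmac.compare_digest(expected, hexdigest)  # constant-time compare
    return (matches, matches and algo != PREFERRED)


def concat_digest(data: bytes) -> str:
    """Cees's SHA1||MD5 construction. Caveat: Joux (2004) showed that
    concatenating two Merkle-Damgard hashes is only about as collision
    resistant as the stronger of the two, so the security does not add up."""
    return hashlib.sha1(data).hexdigest() + hashlib.md5(data).hexdigest()


def hmac_tag(key: bytes, data: bytes, algo: str = PREFERRED) -> str:
    """Keyed HMAC tag: collision attacks on the bare hash do not carry over to
    HMAC, which is the point Cees attributes to Schneier."""
    return f"hmac-{algo}${hmac.new(key, data, algo).hexdigest()}"
```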
