From owner-freebsd-security@FreeBSD.ORG  Tue Sep 28 16:27:34 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id DCE5A16A4CE; Tue, 28 Sep 2004 16:27:34 +0000 (GMT)
Received: from pd4mo2so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net
	[24.71.223.10])	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 6BB3A43D2D; Tue, 28 Sep 2004 16:27:34 +0000 (GMT)
	(envelope-from colin.percival@wadham.ox.ac.uk)
Received: from pd5mr3so.prod.shaw.ca
 (pd5mr3so-qfe3.prod.shaw.ca [10.0.141.144]) by l-daemon
 (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004))
 with ESMTP id <0I4R005HDF1Y6PA0@l-daemon>; Tue,
 28 Sep 2004 10:27:34 -0600 (MDT)
Received: from pn2ml6so.prod.shaw.ca ([10.0.121.150])
 by pd5mr3so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar
 15 2004)) with ESMTP id <0I4R003VLF1YLHK0@pd5mr3so.prod.shaw.ca>; Tue,
 28 Sep 2004 10:27:34 -0600 (MDT)
Received: from [192.168.0.60]
	(S0106006067227a4a.vc.shawcable.net [24.87.233.42])2003))
	with ESMTP id <0I4R0031NF1XD6@l-daemon>;
	Tue, 28 Sep 2004 10:27:34 -0600 (MDT)
Date: Tue, 28 Sep 2004 09:27:33 -0700
From: Colin Percival <colin.percival@wadham.ox.ac.uk>
In-reply-to: <20040928161359.GA22274@VARK.MIT.EDU>
To: David Schultz <das@freebsd.org>
Message-id: <415990F5.4040505@wadham.ox.ac.uk>
MIME-version: 1.0
Content-type: text/plain; format=flowed; charset=us-ascii
Content-transfer-encoding: 7bit
X-Accept-Language: en-us, en
References: <Pine.LNX.4.33.0111071900280.24824-100000@moroni.pp.asu.edu>
 <20011107211316.A7830@nomad.lets.net> <20040925140242.GB78219@gothmog.gr>
 <41575DFC.9020206@wadham.ox.ac.uk>
 <20040927091710.GC914@orion.daedalusnetworks.priv>
 <41582024.2080205@wadham.ox.ac.uk> <20040928161359.GA22274@VARK.MIT.EDU>
User-Agent: Mozilla Thunderbird 0.7.3 (X11/20040928)
cc: freebsd-security@freebsd.org
Subject: Re: compare-by-hash (was Re: sharing /etc/passwd)
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Sep 2004 16:27:35 -0000

David Schultz wrote:
> ...  In fact, recent results have
> raised some concerns about SHA-1 (http://eprint.iacr.org/2004/146/).

I have yet to hear any justification for claims that the SHA-0 attack
implies a weakness in SHA-1.  The paper you cite even says "Due to the
additional rotate instruction, the results of this paper are not
applicable to SHA-1".

Colin Percival