[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MD5 vs. SHA-1, Selection Criteria

To: perry@piermont.com
Subject: Re: MD5 vs. SHA-1, Selection Criteria
From: Phil Karn Jr <karn@baa01075.slip.digex.net>
Date: Sat, 25 May 1996 00:29:55 -0400 (EDT)
Cc: ipsec@TIS.COM
In-Reply-To: <199605241852.OAA00221@jekyll.piermont.com> (perry@piermont.com)
MMDF-Warning: Unable to confirm address in preceding line at neptune.TIS.COM
MMDF-Warning: Unable to confirm address in preceding line at neptune.TIS.COM
Reply-To: karn@qualcomm.com
Sender: ipsec-approval@neptune.tis.com

>SHA-1 is a product of our friends at the NSA. Although I'm not always
>a fan of their export policies, they do appear to usually release
>algorithms of the highest possible quality.

Assuming, of course, that they are properly motivated to do so. They
certainly know as well as we do that a well designed hash function can
serve as the primitive of a strong cipher. I suspect they knew this
well before they read it in Applied Cryptography and in Dan
Bernstein's famous "snuffle" papers.

So given NSA's well-documented reluctance to distribute strong ciphers
without a back door, I am highly skeptical that they really made SHA-1
as strong as it could be.

Or maybe I'm just paranoid. But it's a point worth considering.

Phil

References:

Re: MD5 vs. SHA-1, Selection Criteria

From: "Perry E. Metzger" <perry@piermont.com>

Prev by Date: Re: sha vs. md5
Next by Date: Re: MD5 vs. SHA-1, Selection Criteria
Prev by thread: Re: MD5 vs. SHA-1, Selection Criteria
Next by thread: Re: MD5 vs. SHA-1, Selection Criteria
Index(es):
- Main
- Thread