    I’m a bit confused about their claim that “SHA-1 is broken”. This is a really fun article but isn’t it just building a hash that’s vulnerable to differential cryptanalysis? And differential cryptanalysis is one of the things you test your primitives against before standardizing them.

    Edit: Oh, never mind! They answered my question:

    What are the implications for SHA-1’s security?


        To what end? Assuming that the SHA-1 constants are backdoored, they only allow generation of collisions for particular message headers, not messages in general. So which message format did the NSA target?