I’m a bit confused about their claim that “SHA-1 is broken”. This is a really fun article but isn’t it just building a hash that’s vulnerable to differential cryptanalysis? And differential cryptanalysis is one of the things you test your primitives against before standardizing them.
Edit: Oh never mind! They answered my question:
To what end? Assuming that the SHA-1 constants are backdoored, they only allow generation of collisions for particular message headers, not messages in general. So which message format did the NSA target?
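As an added example, not code from the article or from either commenter: a minimal SHA-1 in Python with the initial state and the four round constants exposed as parameters, so it is visible exactly where the "SHA-1 constants" the thread is arguing about enter the computation, and which intermediate chaining value a message header leaves behind for the blocks that follow it (in a Merkle-Damgard hash, later blocks are compressed against that state, not against the header bytes themselves). The function names and the alternative constant set are my own assumptions; the alternative constants are arbitrary and are not claimed to be weak or to reproduce anything from the article.

```python
import hashlib
import struct

# Standard SHA-1 parameters: the five initial state words (H0..H4) and the
# four round constants K, one per 20-round stage of the compression function.
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
SHA1_K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)
MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def sha1_compress(state, block, k):
    """One SHA-1 compression: absorb a 64-byte block into the 5-word state."""
    a, b, c, d, e = state
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):  # message schedule expansion
        w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    for t in range(80):
        if t < 20:
            f = (b & c) | (~b & d)
        elif t < 40:
            f = b ^ c ^ d
        elif t < 60:
            f = (b & c) | (b & d) | (c & d)
        else:
            f = b ^ c ^ d
        # k[t // 20] is the only place the round constants touch the state.
        temp = (_rotl(a, 5) + f + e + k[t // 20] + w[t]) & MASK
        a, b, c, d, e = temp, a, _rotl(b, 30), c, d
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e)))


def chaining_value(prefix, iv=SHA1_IV, k=SHA1_K):
    """Internal state after absorbing a prefix that is a whole number of blocks.

    This is what a fixed message header contributes to everything hashed after
    it: a differential trail that only works from one particular incoming
    state only applies to messages whose header produces that state."""
    if len(prefix) % 64:
        raise ValueError("prefix must be a multiple of 64 bytes")
    state = iv
    for i in range(0, len(prefix), 64):
        state = sha1_compress(state, prefix[i:i + 64], k)
    return state


def sha1_custom(message, iv=SHA1_IV, k=SHA1_K):
    """Full SHA-1 (MD-strengthening padding + compression) with pluggable constants."""
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    padded += struct.pack(">Q", len(message) * 8)
    return "".join(f"{h:08x}" for h in chaining_value(padded, iv, k))


def matches_hashlib(message):
    """Sanity check: with the standard constants this must agree with hashlib."""
    return sha1_custom(message) == hashlib.sha1(message).hexdigest()


def with_altered_constants(message):
    # Arbitrary replacement round constants, constructed here purely to show
    # that swapping K yields a different function of the same shape. These are
    # NOT a known weak or backdoored set.
    alt_k = (0x00000001, 0x00000002, 0x00000003, 0x00000004)
    return sha1_custom(message, k=alt_k)


if __name__ == "__main__":
    print(sha1_custom(b"abc"), matches_hashlib(b"abc"))
    print(with_altered_constants(b"abc"))
    print([f"{h:08x}" for h in chaining_value(b"GIF89a".ljust(64, b"\x00"))])
```

Running it with the standard constants reproduces hashlib's digests; the altered-constant digest differs while remaining a 160-bit SHA-1-shaped output. The `chaining_value` helper is the part relevant to the "particular message headers" question: pad any candidate header out to a block boundary and it prints the state every subsequent block would be compressed against.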