[MASOCH-L] SHA1 e MD5

Rodrigo Ristow Branco rrbranco at pobox.com
Mon Sep 10 16:12:31 -03 2007


desculpem, esqueci a URL da fonte

http://www.csrc.nist.gov/pki/HashWorkshop/NIST%20Statement/NIST_Policy_on_HashFunctions.htm



On 9/10/07, Rodrigo Ristow Branco <rrbranco at pobox.com> wrote:
>
> sobre o SHA1
>
>
>
> *NIST's Policy on Hash Functions*
>
> March 15, 2006: *The SHA-2 family of hash functions (i.e., SHA-224,
> SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all
> applications using secure hash algorithms.* Federal agencies *should* stop
> using SHA-1 for digital signatures, digital time stamping and other
> applications that require collision resistance as soon as practical, and
> must use the SHA-2 family of hash functions for these applications after
> 2010. After 2010, Federal agencies may use SHA-1 only for the following
> applications: hash-based message authentication codes (HMACs); key
> derivation functions (KDFs); and random number generators (RNGs). Regardless
> of use, NIST encourages application and protocol designers to use the SHA-2
> family of hash functions for all new applications and protocols.
>
>
>
>
>
> On 9/10/07, Rodrigo Ristow Branco < rrbranco at pobox.com> wrote:
> >
> > sobre o MD5
> >
> > http://en.wikipedia.org/wiki/MD5#External_links
> >              Two colliding PostScript files with the same size<http://www.cits.rub.de/MD5Collisions/>
> >               http://www.cits.rub.de/MD5Collisions/
> >
> >
> > MD5 Collision Demo
> > Collisions in the MD5 cryptographic hash function
> > http://www.mathstat.dal.ca/~selinger/md5collision/<http://www.mathstat.dal.ca/%7Eselinger/md5collision/>
> >
> > ...
> > The following is an improvement of Diaz's example, which does not need a
> > special extractor. Here are two pairs of executable programs (one pair runs
> > on Windows, one pair on Linux).
> >
> >    - *Windows version:*
> >       - hello.exe<http://www.mathstat.dal.ca/%7Eselinger/md5collision/hello.exe>.
> >       MD5 Sum: cdc47d670159eef60916ca03a9d4a007
> >       - erase.exe<http://www.mathstat.dal.ca/%7Eselinger/md5collision/erase.exe>.
> >       MD5 Sum: cdc47d670159eef60916ca03a9d4a007
> >    - *Linux version (i386):*
> >       - hello<http://www.mathstat.dal.ca/%7Eselinger/md5collision/hello>.
> >       MD5 Sum: da5c61e1edc0f18337e46418e48c1290
> >       - erase<http://www.mathstat.dal.ca/%7Eselinger/md5collision/erase>.
> >       MD5 Sum: da5c61e1edc0f18337e46418e48c1290
> >
> > ...
> >
> >
> >
> >
> > On 9/10/07, Carlos Henrique < carloshenrique at urbi.com.br> wrote:
> > >
> > >
> > > Pessoal,
> > >
> > > Gostaria de saber qual algoritmo de hash é o mais seguro, o MD5 ou o
> > > SHA1?
> > > Tem alguma vantagem de se implementar um ou outro, para armazenamento
> > > de
> > > senhas em bando de dados?
> > >
> > > Forte abraço
> > > Carlos Henrique
> > > __
> > > masoch-l list
> > > https://eng.registro.br/mailman/listinfo/masoch-l
> > >
> >
> >
>



More information about the masoch-l mailing list