Secure Hash Standard (SHS/SHA) Broken by NSA

[Jim Gillogly <jim@mycroft.rand.org>]

Just received a NIST Media Advisory (April 22, 1994, contact Anne Enright
Shepherd).  I'll pick out some sample sentences:

       NIST ANNOUNCES TECHNICAL CORRECTION TO SECURE HASH STANDARD
       -----------------------------------------------------------

   The National Institute of Standards and Technology today announced it
   will initiate a technical modification to a computer security standard
   used to support the authentication of electronic messages.  The
   revision will correct a minor flaw that government mathematicians
   discovered in a formula that underlies the standard.

   ... remains a highly secure way to ensure integrity of ...
   NIST expects that products implementing the current standard can be
   used until the technical correction becomes effective.

   Researchers at the National Security Agency, who developed the formula
   and discovered the flaw in a continuing evaluation process, now believe
   that although the forumla in FIPS 180 is less secure than originally
   thought, it is still extremely reliable as a technical computer
   security mechanism.  The discovery of this flaw indicates the value of
   continued research on existing and new standards.

   ...

It goes on to describe the standard in general terms and NIST's role.
There's no quantification about how badly it's broken in terms of (say)
effective number of bits of protection; seems logical that it's pretty
severe (i.e. well under 160) if it's bad enough for them to go public with
the fix.

Know any other existing or new standards that could use continued research?

	Jim Gillogly
	1 Thrimidge S.R. 1994, 23:07