On July 11, 1994, the NIST proposed an interesting revision to FIPS 180, about the Secure Hash Standard:
A revision of Federal Information Processing Standard (FIPS) 180, Secure Hash Standard (SHS), is being proposed. This proposed revision corrects a technical flaw that made the standard less secure than had been thought. The algorithm is still reliable as a security mechanism, but [sic] the correction returns the SHS to the original level of security.
What was the technical flaw?
FIPS PUB 180-1, which specifies SHA-1, was published on 17 April, 1995. It superseded FIPS PUB 180, which was published on 11 May, 1993.
On the first page of FIPS PUB 180-1 it explains:
A circular left shift operation has been added to the specifications in section 7, line b, page 9 of FIPS 180 and its equivalent in section 8, line c, page 10 of FIPS 180. This revision improves the security provided by this standard. The SHA-1 is based on principles similar to those used by Professor Ronald L. Rivest of MIT when designing the MD4 message digest algorithm [1], and is closely modelled [sic] after that algorithm.
Security was improved by the revision, but there is no explanation as to what the circular left shift remedied.
Does anyone know what the original flaw was?
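To make the revision concrete, here is an added example (not from the question or from NIST's documents): a compact Python implementation of the FIPS 180-1 compression function with a `rotate` flag, where `rotate=True` reproduces SHA-1 and `rotate=False` reverts the message schedule to the XOR-only form of the original FIPS 180, the only change the quoted passage describes. The last function shows what the rotate changes: with the XOR-only schedule, flipping one bit of a message word can only ever affect that same bit position in all 80 expanded words, whereas the circular shift spreads the change across bit positions.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def expand(words, rotate):
    """Message schedule: FIPS 180 used plain XOR, FIPS 180-1 added ROTL by 1."""
    w = list(words)
    for t in range(16, 80):
        x = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16]
        w.append(rotl(x, 1) if rotate else x)
    return w

def compress(state, block, rotate):
    """One 64-byte block through the 80-round SHA-1 compression function."""
    w = expand(struct.unpack(">16I", block), rotate)
    a, b, c, d, e = state
    for t in range(80):
        if t < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (rotl(a, 5) + (f & MASK) + e + k + w[t]) & MASK
        a, b, c, d, e = tmp, a, rotl(b, 30), c, d
    return [(s + v) & MASK for s, v in zip(state, (a, b, c, d, e))]

def sha(msg, rotate=True):
    """rotate=True gives SHA-1 (FIPS 180-1); rotate=False gives the original FIPS 180 schedule."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    # Standard padding: 0x80, zeros to 56 mod 64, then the 64-bit big-endian bit length.
    padded = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", 8 * len(msg))
    for i in range(0, len(padded), 64):
        state = compress(state, padded[i:i + 64], rotate)
    return "".join("%08x" % s for s in state)

def schedule_bit_positions(block, bit, rotate):
    """Flip one bit of message word 0 and report which bit positions of the expanded words change."""
    base = struct.unpack(">16I", block)
    flipped = list(base)
    flipped[0] ^= 1 << bit
    diff = [x ^ y for x, y in zip(expand(base, rotate), expand(flipped, rotate))]
    return sorted({i for d in diff for i in range(32) if d >> i & 1})

if __name__ == "__main__":
    assert sha(b"abc") == hashlib.sha1(b"abc").hexdigest()
    print("XOR-only schedule:", schedule_bit_positions(bytes(64), 5, False))  # constructed all-zero block
    print("with ROTL1:       ", schedule_bit_positions(bytes(64), 5, True))
```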