Free Republic
Browse · Search
News/Activism
Topics · Post Article


SHA-1 Broken
Schneier Weblog | 02-16-2005 | Bruce Schneier

Posted on 02/16/2005 7:47:15 AM PST by zeugma

February 15, 2005

SHA-1 Broken

SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.

The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results:

This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn't affect applications such as HMAC where collisions aren't important).

The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team.

More details when I have them.


TOPICS: Business/Economy; News/Current Events
KEYWORDS: computers; cryptography; digitalsignatures; privacy
This is big news. SHA-1 is used for digital certificates and cryptographic hashes. Part of the security you get with these types of hashes is the difficulty that you would have in generating a "collision", which is where two separate messages generate the same "hash". A reduction to 2^69 operations to generate a collision is significant. Like Mr. Schneier said, SHA-1 is dead for cryptographic use.
1 posted on 02/16/2005 7:47:20 AM PST by zeugma
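Added example (not part of the original thread or of Schneier's post): a birthday search on SHA-1 truncated to a few bits, showing that generic collision work grows as 2^(n/2). For the full 160-bit digest that is about 2^80, so the 2^69 figure quoted above is 2^11 times cheaper. The truncation widths and the message prefix are constructed for the demonstration.

```python
import hashlib

SHA1_BITS = 160

def truncated_sha1(data: bytes, bits: int) -> int:
    """Return the leading `bits` bits of SHA-1(data) as an integer."""
    full = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return full >> (SHA1_BITS - bits)

def find_collision(bits: int, prefix: bytes = b"constructed-message-"):
    """Hash distinct messages until two share the same truncated digest.

    Returns (msg_a, msg_b, attempts). Pigeonhole guarantees termination
    within 2**bits + 1 attempts; the birthday bound predicts ~2**(bits/2).
    """
    seen = {}  # truncated digest -> first message that produced it
    attempts = 0
    while True:
        msg = prefix + str(attempts).encode()
        attempts += 1
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, attempts
        seen[h] = msg

def generic_collision_log2(bits: int) -> float:
    """log2 of the generic (birthday) collision cost for a `bits`-bit hash."""
    return bits / 2

def advantage_log2(bits: int, attack_log2: float) -> float:
    """How many bits of work an attack saves over the birthday bound."""
    return generic_collision_log2(bits) - attack_log2

if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, n = find_collision(bits)
        print(f"{bits}-bit: {a!r} / {b!r} collide after {n} hashes "
              f"(birthday estimate 2^{bits // 2} = {2 ** (bits // 2)})")
    print(f"full SHA-1 generic cost: 2^{generic_collision_log2(SHA1_BITS):.0f}")
    print(f"2^69 attack saves 2^{advantage_log2(SHA1_BITS, 69):.0f} of that work")
```

Each extra bit of digest only adds half a bit of collision work, which is why shaving 11 bits off an 80-bit bound matters for signatures that sign the hash rather than the message.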

To: zeugma

That's what I thought.


2 posted on 02/16/2005 7:48:55 AM PST by Dallas59 (Bush said the "F" word 27 times January 20th, 2005!)

To: zeugma

I like potato chips.


3 posted on 02/16/2005 7:49:32 AM PST by ericthecurdog (NOBODY puts BABY in the corner!!)

Comment #4 Removed by Moderator

To: zeugma

I was just chatting with the wife about this at breakfast


5 posted on 02/16/2005 7:51:04 AM PST by traderrob6 (http://www.exposingtheleft.blogspot.com)

To: ericthecurdog

My cat's breath smells like cat food. :P


6 posted on 02/16/2005 7:51:06 AM PST by Constantine XIII

To: zeugma
I thought SHA-0 and SHA-1 were kaput even back to their inception. The tripole phase cross delta inverters were proved impractical years ago.
7 posted on 02/16/2005 7:51:22 AM PST by oyez (¡Qué viva la revolución de Reagan!)

To: zeugma

I was just telling my grandkids about this, this morning


8 posted on 02/16/2005 7:51:28 AM PST by sure_fine (*not one to over kill the thought process*)

To: Dallas59

Same here. I was just thinking about this yesterday.


9 posted on 02/16/2005 7:51:55 AM PST by ladtx ( "Remember your regiment and follow your officers." Captain Charles May, 2d Dragoons, 9 May 1846)

To: oyez

All your SHA-1 belong to us....


10 posted on 02/16/2005 7:53:42 AM PST by ricer1

To: zeugma

11 posted on 02/16/2005 7:54:04 AM PST by ZinGirl

To: zeugma

Thanks for the info.

Lots of uneasy IT folk will be running 'round after hearing this news.


12 posted on 02/16/2005 7:55:19 AM PST by George Smiley (Do not remove this tagline under penalty of law.)

To: Deb

I believe your green sweater might be over here....


13 posted on 02/16/2005 7:55:34 AM PST by Cyber Liberty (© 2004, Ravin' Lunatic since 4/98)

To: zeugma

Worth noting is that SHA is short for US Secure Hash Algorithm, made by the NSA and heavily used for about 9 years now. It is possible the NSA knew about the weakness and got people (foreign govs) to use it so that they could read messages. Amusingly enough, no one knows exactly how the much, much older DES works :)


14 posted on 02/16/2005 7:55:53 AM PST by minus_273

To: minus_273

Does this mean that Walmart will be selling the SHA-1 at discount prices now?


15 posted on 02/16/2005 7:57:16 AM PST by ricer1

To: zeugma


It's either bullets, particles or underwear.
16 posted on 02/16/2005 7:57:28 AM PST by Dallas59 (Bush said the "F" word 27 times January 20th, 2005!)

To: oyez
The tripole phase cross delta inverters were proved impractical years ago.

Yeah, whatever you do, don't cross the streams.


17 posted on 02/16/2005 7:59:09 AM PST by NonValueAdded ("We're going to take things away from you on behalf of the common good" HRC 6/28/2004)

To: minus_273
Amusingly enough, no one knows exactly how the much, much older DES works :)

Only the Shadow knows!

18 posted on 02/16/2005 8:00:19 AM PST by balrog666 (A myth by any other name is still inane.)

To: Rokke

I'll reply to your other post later today.


19 posted on 02/16/2005 8:03:12 AM PST by blanknoone (Steyn: "The Dems are all exit and no strategy")

To: zeugma
Can MD5 be far behind? This would cause general chaos.
20 posted on 02/16/2005 8:08:28 AM PST by FoxPro (jroehl2@yahoo.com)

