SHA-1 Broken
Schneier Weblog | 02-16-2005 | Bruce Schneier
Posted on 02/16/2005 7:47:15 AM PST by zeugma
February 15, 2005
SHA-1 Broken
SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.
The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results:
- collisions in the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length.
- collisions in SHA-0 in 2**39 operations.
- collisions in 58-round SHA-1 in 2**33 operations.
This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn't affect applications such as HMAC where collisions aren't important).
The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team.
More details when I have them.
TOPICS: Business/Economy; News/Current Events
KEYWORDS: computers; cryptography; digitalsignatures; privacy
This is big news. SHA-1 is used for digital certificates and cryptographic hashes. Part of the security you get with these types of hashes is the difficulty that you would have in generating a "collision", which is where two separate messages generate the same "hash". A reduction to 2^69 operations to generate a collision is significant. Like Mr. Schneier said, SHA-1 is dead for cryptographic use.
1 posted on 02/16/2005 7:47:20 AM PST by zeugma
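An added example, not part of Schneier's post or of any comment in this thread: a generic birthday search on SHA-1 truncated to a few bits, showing why an n-bit hash costs about 2**(n/2) operations to collide by brute force, which is the 2**80 baseline the reported 2**69 result is measured against. The function names and the message prefix are constructed for this illustration.

```python
import hashlib
import math


def truncated_sha1(msg: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-1(msg) as an integer (a toy short hash)."""
    digest = int.from_bytes(hashlib.sha1(msg).digest(), "big")
    return digest >> (160 - bits)


def birthday_collision(bits: int, prefix: bytes = b"constructed-sample-"):
    """Generic collision search: hash distinct messages until two outputs match.

    Uses nothing about SHA-1's internals, so its cost is the brute-force
    baseline for any hash with the same output length.
    Returns (msg_a, msg_b, hashes_computed).
    """
    seen = {}
    counter = 0
    while True:
        msg = prefix + str(counter).encode()
        tag = truncated_sha1(msg, bits)
        counter += 1
        if tag in seen:
            return seen[tag], msg, counter
        seen[tag] = msg


def generic_cost_log2(bits: int) -> float:
    """log2 of the birthday-bound work for an n-bit hash, i.e. n/2."""
    return bits / 2


def speedup_log2(bits: int, attack_log2: float) -> float:
    """How many powers of two an attack saves over the generic search."""
    return generic_cost_log2(bits) - attack_log2


if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, n = birthday_collision(bits)
        print(f"{bits}-bit: {a!r} / {b!r} collide after {n} hashes "
              f"(2^{math.log2(n):.1f}; bound 2^{generic_cost_log2(bits):.0f})")
    # Full SHA-1: generic bound 2^80, reported attack 2^69.
    print(f"reported speedup: 2^{speedup_log2(160, 69):.0f}")
```

The measured counts track 2**(n/2) rather than 2**n, which is the "based on the hash length" figure in the post; the search finds collisions only and does nothing toward inverting a hash.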
To: zeugma
2 posted on 02/16/2005 7:48:55 AM PST by Dallas59 (Bush said the "F" word 27 times January 20th, 2005!)
To: zeugma
3 posted on 02/16/2005 7:49:32 AM PST by ericthecurdog (NOBODY puts BABY in the corner!!)
Comment #4 Removed by Moderator
To: zeugma
I was just chatting with the wife about this at breakfast
5 posted on 02/16/2005 7:51:04 AM PST by traderrob6 (http://www.exposingtheleft.blogspot.com)
To: ericthecurdog
My cat's breath smells like cat food. :P
To: zeugma
I thought SHA-0 and SHA-1 were kaput even back to their inception. The tripole phase cross delta inverters were proved impractical years ago.
7 posted on 02/16/2005 7:51:22 AM PST by oyez (¡Qué viva la revolución de Reagan!)
To: zeugma
I was just telling my grandkids about this, this morning
8 posted on 02/16/2005 7:51:28 AM PST by sure_fine (*not one to over kill the thought process*)
To: Dallas59
Same here. I was just thinking about this yesterday.
9 posted on 02/16/2005 7:51:55 AM PST by ladtx ( "Remember your regiment and follow your officers." Captain Charles May, 2d Dragoons, 9 May 1846)
To: oyez
All your SHA-1 belong to us....
10 posted on 02/16/2005 7:53:42 AM PST by ricer1
To: zeugma
11 posted on 02/16/2005 7:54:04 AM PST by ZinGirl
To: zeugma
Thanks for the info.
Lots of uneasy IT folk will be running 'round after hearing this news.
12 posted on 02/16/2005 7:55:19 AM PST by George Smiley (Do not remove this tagline under penalty of law.)
To: Deb
I believe your green sweater might be over here....
13 posted on 02/16/2005 7:55:34 AM PST by Cyber Liberty (© 2004, Ravin' Lunatic since 4/98)
To: zeugma
Worth noting is that SHA is short for US Secure Hash Algorithm, made by the NSA and heavily used for about 9 years now. It is possible the NSA knew about the weakness and got people (foreign govs) to use it so that they could read messages. Amusingly enough, no one knows exactly how the much, much older DES works :)
To: minus_273
Does this mean that Walmart will be selling the SHA-1 at discount prices now?
15 posted on 02/16/2005 7:57:16 AM PST by ricer1
To: zeugma
It's either bullets, particles or underwear.
16 posted on 02/16/2005 7:57:28 AM PST by Dallas59 (Bush said the "F" word 27 times January 20th, 2005!)
To: oyez
The tripole phase cross delta inverters were proved impractical years ago.
Yeah, whatever you do, don't cross the streams.
17 posted on 02/16/2005 7:59:09 AM PST by NonValueAdded ("We're going to take things away from you on behalf of the common good" HRC 6/28/2004)
To: minus_273
Amusingly enough, no one knows exactly how the much, much older DES works :)
Only the Shadow knows!
18 posted on 02/16/2005 8:00:19 AM PST by balrog666 (A myth by any other name is still inane.)
To: Rokke
I'll reply to your other post later today.
19 posted on 02/16/2005 8:03:12 AM PST by blanknoone (Steyn: "The Dems are all exit and no strategy")
To: zeugma
Can MD5 be far behind? This would cause general chaos.
20 posted on 02/16/2005 8:08:28 AM PST by FoxPro (jroehl2@yahoo.com)