Free Republic

SHA-1 Broken
Schneier Weblog ^ | 02-16-2005 | Bruce Schneier

Posted on 02/16/2005 7:47:15 AM PST by zeugma

February 15, 2005

SHA-1 Broken

SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.

The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results:

This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn't affect applications such as HMAC where collisions aren't important).

The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team.

More details when I have them.


TOPICS: Business/Economy; News/Current Events
KEYWORDS: computers; cryptography; digitalsignatures; privacy
To: zeugma

Unlike others, I appreciate you posting this. Your average freeper will not likely understand the impact, and that is OK. It's like the person who owns a car and does no maintenance themselves... they just put gas in it and it goes.... People expect the net to work and the mechanics (the IT community) to fix whatever is wrong and move forward.


21 posted on 02/16/2005 8:09:15 AM PST by rit

To: zeugma

Does PKI use this?


22 posted on 02/16/2005 8:09:30 AM PST by PatriotCJC

To: zeugma

>More details when I have them.

Can't wait!

Live Long and Prosper


23 posted on 02/16/2005 8:10:53 AM PST by MindBender26 (Having your own XM177 E2 means never having to say you are sorry......)

To: MindBender26

I thought we were talking about the Chinese space program...


24 posted on 02/16/2005 8:14:10 AM PST by Taylor42

To: zeugma

Sha-Na-Na?


25 posted on 02/16/2005 8:16:57 AM PST by pghkevin (Have you hugged your kids today? Have you thanked someone in the Military today?)

To: oyez
I thought SHA-0 and SHA-1 were kaput even back to their inception. The tripole phase cross delta inverters were proved impractical years ago.

Not in every case. When the cross delta inverters are first conjoined with an inverse wave capilator and then fed thru binary phase transducers, the effect is that of obviating the pre inductive plane generators usually necessary in this sort of operation.

26 posted on 02/16/2005 8:18:01 AM PST by JoeV1 (The Democrats-The unlawful and corrupt leading the uneducated and blind)

To: oyez
"I thought SHA-0 and SHA-1 were kaput even back to their inception. The tripole phase cross delta inverters were proved impractical years ago."

Well, I heard they are all obsolete because of the flux capacitor.

27 posted on 02/16/2005 8:18:21 AM PST by Mad Dawgg (French: old Europe word meaning surrender)

To: ricer1

My family switched to the pig latin protocol this morning.


28 posted on 02/16/2005 8:19:14 AM PST by One Proud Dad

To: zeugma

WE'RE DOOMED!!!


29 posted on 02/16/2005 8:20:10 AM PST by dfwgator (It's sad that the news media treats Michael Jackson better than our military.)

To: zeugma

Is that like Sha-wing? Cause if my sha-wing is broken I can't see any reason to go on. Party on Garth.


30 posted on 02/16/2005 8:24:59 AM PST by Honor above all (I'm only here to help.)

To: rit

Companies that use SHA-1 for differential backups will be in big trouble if true. They will have to move on to MD5, what a huge hassle.


31 posted on 02/16/2005 8:26:36 AM PST by FoxPro (jroehl2@yahoo.com)

To: Constantine XIII

Never put your elbow in your ear.


32 posted on 02/16/2005 8:26:48 AM PST by BigDaddyTX

To: rit

What does Windows use for its passwords?


33 posted on 02/16/2005 8:27:32 AM PST by FoxPro (jroehl2@yahoo.com)

To: Cyber Liberty

How can one fathom such topics and still think of sex every 18 seconds?


34 posted on 02/16/2005 8:27:32 AM PST by DainBramage

To: JoeV1
Pre-inductive plane generators (PPG's) haven't been used for years, are you kidding? We're talking about an actual flaw in the hash algorithm. You assume it will always come out with more potatoes than corned beef, but obviously we were blinded in our false sense of security.

If this report is indeed true, we may be talking about the fallibility of the Benelux axiom itself.

35 posted on 02/16/2005 8:27:36 AM PST by Sender (Team Infidel USA)

To: ericthecurdog

Who can tell me where this came from?

"Never go out in the rain with your socks on."


36 posted on 02/16/2005 8:27:53 AM PST by BigDaddyTX

To: zeugma

It's Carter's fault for withdrawing support! Now the evil Khomeini-666 algorithm will be taking over.


37 posted on 02/16/2005 8:29:52 AM PST by The Real J Fate

To: zeugma

Bump for interest.

While it's mostly babble to most people, cryptography is what makes a lot of our digital society possible (especially the "cashless society" aspect), and breaking major codes is of great concern.


38 posted on 02/16/2005 8:30:58 AM PST by ctdonath2

To: Constantine XIII

Me fail English? That's unpossible!


39 posted on 02/16/2005 8:32:02 AM PST by Petronski (Oh for Heaven's sake....)

To: zeugma

Just wait until they learn that RSA isn't secure, either. Suckers...

40 posted on 02/16/2005 8:32:09 AM PST by Southack (Media Bias means that Castro won't be punished for Cuban war crimes against Black Angolans in Africa)

