To put this in perspective, what is being said is that while the
original standard required over one septillion hash operations to
find a collision, some researchers believe they have found a way to
reduce this to under 600 quintillion hash operations. A
At one hash operation per nanosecond, a collision can be found
in less than twenty millennia. Clearly not quick enough to
be able to intercept credit card transactions over the web, but
closer to a point where a array of machines could attack a specific
I would presume that the bigger concern isn't that a given collision
could be found within a matter of years, but that in the upcoming months
and years that another 99.95% reduction will be found, and then another...
Thanks for putting that in perspective, Sam.
I had skimmed over the original article, but never had a chance to read anything more in-depth about it. So I was starting to think that perhaps an interim measure might be to keep both MD5 and SHA hashes around for comparison.
It's good to realize that while it's less secure now, it's still not unreasonably so :)
Dougal, put another way: an uncracked MD5 gives you 12864 bits of protection. A "broken" SHA-1 gives you 16080 - 11 = 14969 bits of protection. That is still 2,097,15232 (2 ** 215) times more secure than MD5.
Update: the above was updated to reflect that this is a birthday paradox attack, i.e., one where somebody can find (or construct) two documents with the same hash. I have seen no reports that indicate that the ability of somebody to construct a hash with the same value as an existing document is in any way compromized by this reported discovery.
To be more specific, the new SHA-1 break only affects very carefully constructed messages. This means that it is completely useless for an attacker impersonating an existing message, unless that message was purposely constructed to be attackable. The attack is only useful if the attacker creates both messages, and the attacker can choose the exact format of both messages.
The dust has hardly settled since last year’s reports of collisions in crypto hash functions including MD5. Now there are claims that SHA-1 is broken. There doesn’t seem any immediate cause for alarm, as Sam Ruby puts it: “At one...