It’s just data

SHA-1 "Broken"

It has been nearly six months since the Collision in MD5 was found, and now the alert is being sounded that SHA1 is "broken".

To put this in perspective, what is being said is that while the original standard required over one septillion hash operations to find a collision, some researchers believe they have found a way to reduce this to under 600 quintillion hash operations.  A 99.95% reduction.

At one hash operation per nanosecond, a collision can be found in less than twenty millennia.  Clearly not quick enough to be able to intercept credit card transactions over the web, but closer to a point where a array of machines could attack a specific document.

I would presume that the bigger concern isn't that a given collision could be found within a matter of years, but that in the upcoming months and years that another 99.95% reduction will be found, and then another...


Thanks for putting that in perspective, Sam.

I had skimmed over the original article, but never had a chance to read anything more in-depth about it. So I was starting to think that perhaps an interim measure might be to keep both MD5 and SHA hashes around for comparison.

It's good to realize that while it's less secure now, it's still not unreasonably so :)

Posted by Dougal Campbell at

Dougal, put another way: an uncracked MD5 gives you 128 64 bits of protection.  A "broken" SHA-1 gives you 160 80 - 11 = 149 69 bits of protection.  That is still 2,097,152 32 (2 ** 21 5) times more secure than MD5.

Update: the above was updated to reflect that this is a birthday paradox attack, i.e., one where somebody can find (or construct) two documents with the same hash. I have seen no reports that indicate that the ability of somebody to construct a hash with the same value as an existing document is in any way compromized by this reported discovery.

Posted by Sam Ruby at

To be more specific, the new SHA-1 break only affects very carefully constructed messages. This means that it is completely useless for an attacker impersonating an existing message, unless that message was purposely constructed to be attackable. The attack is only useful if the attacker creates both messages, and the attacker can choose the exact format of both messages.

Posted by Paul Hoffman at

SHA-1 broken

... [more]

Trackback from simon's ramblings

at

SHA1 Broken?

SHA1 Broken?  See here. [link] Here is a nice table of hash functions and attacks.[link]...

Excerpt from William's .Net Zone at

Sam Ruby with one of the better write-ups on the impact of the SHA-1 break. Short and accurate....

Excerpt from del.icio.us/rtomayko at

SHA-1 Less Roadworthy

The dust has hardly settled since last year’s reports of collisions in crypto hash functions including MD5. Now there are claims that SHA-1 is broken. There doesn’t seem any immediate cause for alarm, as Sam Ruby puts it: “At one...

Excerpt from The Grid Computing Blog at

SHA-1 “Broken”

How bad is this? Can I still store passwords in SHA-1?

Posted by Net Toolbox - SHA-1 Generator at

Add your comment