Thread: SHA-1 has been broken

  1. #1
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662

    SHA-1 has been broken

    SHA-1 has been broken, according to Slashdot.org
    Nanolith writes "From Bruce Schneier's weblog: 'SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their results...'" Note, though, that Schneier also writes "The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team."
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  2. #2
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Looks like it's time to make the full switch to MD5...
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  3. #3
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    MD5 was also broken a couple of months ago. I believe it was by the same group.

    - X
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  4. #4
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    http://www.antionline.com/showthread...hreadid=264461

    Interesting related materials from Dan Kaminsky:
    http://www.doxpara.com/

    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    MD5 indeed was broken by the same group of Xiaoyun Wang[1]. However, they
    have shown a collision attack rather than a preimage attack. But still ...

    With SHA-1, the same group has shown a method to reduce the computational
    effort to produce a collision by more than 10 orders of magnitude. Still, 2^69
    operations seem to be necessary - which is far from being computationally feasible.

    Future? I am wondering whether a collision for MD5 and SHA-1 with a preimage
    attack can be created simultaneously. I assume it is perfectly safe at the moment
    to rely on the combination of MD5 and SHA-1 hashes.

    Cheers.

    [1] http://eprint.iacr.org/2004/199.pdf
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  6. #6
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662

    More info

    More information posted on Slashdot this morning:
    "Details are out about the reported broken SHA-1 hash function. The findings are that SHA-1 is not collision free and can be broken in 2^69 attempts instead of 2^80. This is about 2000 times faster. With today's computing power and Moore's Law, a SHA-1 hash does not last too long. Using a modified DES Cracker, for the small sum of up to $38M, SHA-1 can be broken in 56 hours, with current computing power. In 18 months, the cost should go down by half. Jon Callas, PGP's CTO, put it best: 'It's time to walk, but not run, to the fire exits. You don't see smoke, but the fire alarms have gone off.' As Schneier suggests, 'It's time for us all to migrate away from SHA-1.' Alternatives include SHA-256 and SHA-512."
    Source: http://it.slashdot.org/it/05/02/19/1...id=172&tid=218
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard
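    As an added illustration (not code from the thread or from any poster) of the collision-versus-preimage distinction raised in post #5 and the 2^69 vs 2^80 figures in post #6: SHA-1 is truncated to a few bits so a generic birthday collision search and a brute-force preimage search can both be run in seconds and their costs compared. The truncation width, the candidate-message format and the `speedup_factor` helper are constructed for this example.

```python
# Added example (not from the thread): a toy model of the collision/preimage gap.
# SHA-1 is truncated to a few bits so the birthday effect is visible in seconds;
# the full-size figures (2^80 generic collision work for 160-bit SHA-1, 2^160 for
# a preimage) scale the same way.
import hashlib
from typing import Optional, Tuple


def truncated_sha1(data: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-1(data) as an integer (bits in 1..160)."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)


def find_collision(bits: int) -> Tuple[bytes, bytes, int]:
    """Generic birthday search: two distinct messages with equal truncated SHA-1.
    Expected work is about 2**(bits/2) hash evaluations (sqrt of the output space)."""
    seen = {}  # truncated hash -> first message that produced it
    tries = 0
    while True:
        msg = b"collision-candidate-%d" % tries  # constructed, deterministic inputs
        tries += 1
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_preimage(target: int, bits: int, max_tries: int) -> Optional[Tuple[bytes, int]]:
    """Brute-force preimage search for one fixed truncated hash value.
    Expected work is about 2**bits evaluations: no birthday shortcut applies."""
    for tries in range(1, max_tries + 1):
        msg = b"preimage-candidate-%d" % tries  # constructed inputs
        if truncated_sha1(msg, bits) == target:
            return msg, tries
    return None


def speedup_factor(generic_exp: int, attack_exp: int) -> int:
    """How many times cheaper 2**attack_exp work is than the 2**generic_exp generic bound."""
    return 2 ** (generic_exp - attack_exp)


if __name__ == "__main__":
    bits = 24
    m1, m2, n = find_collision(bits)
    print(f"{bits}-bit collision after {n} hashes (~2^{bits / 2:.0f} expected): {m1!r} / {m2!r}")
    target = truncated_sha1(b"some document", 16)
    m, n = find_preimage(target, 16, 1 << 22)
    print(f"16-bit preimage after {n} hashes (~2^16 expected): {m!r}")
    print("2^80 -> 2^69 is", speedup_factor(80, 69), "times less work")
```

    The collision search at 24 bits typically finishes after a few thousand hashes while the 16-bit preimage search needs tens of thousands, which is the asymmetry behind "collision attack rather than preimage attack" in post #5.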

  7. #7
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Revisited:

    Although alarming at first, I have revisited this issue a few times, since almost everything I use is SHA-1 based. Can anyone say PGP and RSA? What has transpired here is the ability to duplicate the Hash far faster than anyone thought possible by generating and then detecting collisions. SHA-1 is a single component of a system using various techniques to protect data. Why do I bring up this old thread? I think the statement that it has been "broken" is a little over the top, but it IS a problem so what do we do?

    The same methods can be used to detect hashes in MD4 by hand and MD5 in a few hours. These do NOT directly lead to a compromise, meaning someone can't just hang off the network and sniff your encryption, but they are definitely items that should be addressed as software is upgraded because they could impersonate your applications, which would be a much deeper attack.

    There is a new variant of SHA-1 that produces longer hash functions (mentioned in AO as SHA-256 etc.); in fact the NSA says SHA-1 is fine, but should be phased out by 2010. But the NSA only uses SHA-1 for "unclassified" communications. To date, almost a year after the MD5 collisions were announced and then later the unpublished paper on SHA-1 (built off MD5), there has been very little accomplished. Why? Because it's a big concern but not an immediate threat. Meaning there are other glaring security issues taking up our time. Mostly poorly written applications that are infinitely easier to compromise than creating a duplicate hash.

    I think it’s safe to say that a personal computer would take a very long time to duplicate a hash so threats are limited to governments and rich corporations at the moment. But using the NSA as a gauge; 2010 isn't that far off considering a quick inventory of what could cause issues in the very near future as the paper is circulated: PGP, RSA, .Net, EVERYTHING MS uses (IIS,SQL,kitchen sink), and our beloved SSL. Using longer SHA-1 hashes only makes the "method" longer in its process. The application of compromise is the same.

    Sensationalism aside; so we wait and deploy fixes as they become available through routine maintenance releases?


    References:
    http://www.answers.com/topic/sha-family
    http://www.addict3d.org/index.php?pa...curity&ID=3103
    http://www.cs.ucl.ac.uk/staff/I.Brown/nts.htm
    http://nsa.gov
    http://nist.gov
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.
