Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Computer Security (http://www.velocityreviews.com/forums/f38-computer-security.html)
-   -   SHA-1 Broken (http://www.velocityreviews.com/forums/t306398-sha-1-broken.html)

HOLY SHIT 02-16-2005 07:02 PM

SHA-1 Broken
 
http://www.schneier.com/blog/archive...1_broken.html:


February 15, 2005
SHA-1 Broken

SHA-1 has been broken. Not a reduced-round version. Not a simplified
version. The real thing.

The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu
(mostly from Shandong University in China) have been quietly
circulating a paper announcing their results:

* collisions in the the full SHA-1 in 2**69 hash operations, much
less than the brute-force attack of 2**80 operations based on
the hash length.

* collisions in SHA-0 in 2**39 operations.

* collisions in 58-round SHA-1 in 2**33 operations.

This attack builds on previous attacks on SHA-0 and SHA-1, and is a
major, major cryptanalytic result. It pretty much puts a bullet into
SHA-1 as a hash function for digital signatures (although it doesn't
affect applications such as HMAC where collisions aren't important).

The paper isn't generally available yet. At this point I can't tell
if the attack is real, but the paper looks good and this is a reputable
research team.

More details when I have them.

Posted on February 15, 2005 at 07:15 PM

~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.




winged 02-17-2005 02:01 AM

Re: SHA-1 Broken
 
HOLY **** wrote:
> http://www.schneier.com/blog/archive...1_broken.html:
>
>
> February 15, 2005
> SHA-1 Broken
>
> SHA-1 has been broken. Not a reduced-round version. Not a simplified
> version. The real thing.
>
> The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu
> (mostly from Shandong University in China) have been quietly
> circulating a paper announcing their results:
>
> * collisions in the the full SHA-1 in 2**69 hash operations, much
> less than the brute-force attack of 2**80 operations based on
> the hash length.
>
> * collisions in SHA-0 in 2**39 operations.
>
> * collisions in 58-round SHA-1 in 2**33 operations.
>
> This attack builds on previous attacks on SHA-0 and SHA-1, and is a
> major, major cryptanalytic result. It pretty much puts a bullet into
> SHA-1 as a hash function for digital signatures (although it doesn't
> affect applications such as HMAC where collisions aren't important).
>
> The paper isn't generally available yet. At this point I can't tell
> if the attack is real, but the paper looks good and this is a reputable
> research team.
>
> More details when I have them.
>
> Posted on February 15, 2005 at 07:15 PM
>
> ~~~~~~~~~~~~~~~~~~~~~
> This message was posted via one or more anonymous remailing services.
> The original sender is unknown. Any address shown in the From header
> is unverified. You need a valid hashcash token to post to groups other
> than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
> for abuse and hashcash info.
>
>
>

From what I gather while SHA1 suffers from a similar problem that SHA-0
had, my reading indicates the flaw is not 100% but "may" sometimes work.
It is still a process intensive issue. Interesting article by David
Shaw on the issue at
http://lists.gnupg.org/pipermail/gnu...er/020190.html

Winged

Stevey 02-18-2005 01:23 PM

Re: SHA-1 Broken
 
* On 16 Feb 2005 21:01:14 EST, winged wrote:
> HOLY **** wrote:
>> http://www.schneier.com/blog/archive...1_broken.html:
>>
>> This attack builds on previous attacks on SHA-0 and SHA-1, and is a
>> major, major cryptanalytic result. It pretty much puts a bullet into


True.

>> SHA-1 as a hash function for digital signatures (although it doesn't
>> affect applications such as HMAC where collisions aren't important).


False.


All times are GMT. The time now is 10:00 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.