SHA-1 Broken

Discussion in 'Computer Security' started by HOLY SHIT, Feb 16, 2005.

  1. HOLY SHIT

    HOLY SHIT Guest

    http://www.schneier.com/blog/archives/2005/02/sha1_broken.html:


    February 15, 2005
    SHA-1 Broken

    SHA-1 has been broken. Not a reduced-round version. Not a simplified
    version. The real thing.

    The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu
    (mostly from Shandong University in China) have been quietly
    circulating a paper announcing their results:

    * collisions in the full SHA-1 in 2**69 hash operations, much
    less than the brute-force attack of 2**80 operations based on
    the hash length.

    * collisions in SHA-0 in 2**39 operations.

    * collisions in 58-round SHA-1 in 2**33 operations.

    This attack builds on previous attacks on SHA-0 and SHA-1, and is a
    major, major cryptanalytic result. It pretty much puts a bullet into
    SHA-1 as a hash function for digital signatures (although it doesn't
    affect applications such as HMAC where collisions aren't important).

    The paper isn't generally available yet. At this point I can't tell
    if the attack is real, but the paper looks good and this is a reputable
    research team.

    More details when I have them.

    Posted on February 15, 2005 at 07:15 PM

    ~~~~~~~~~~~~~~~~~~~~~
    This message was posted via one or more anonymous remailing services.
    The original sender is unknown. Any address shown in the From header
    is unverified. You need a valid hashcash token to post to groups other
    than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
    for abuse and hashcash info.
     
    HOLY SHIT, Feb 16, 2005
    #1
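The 2**80 brute-force figure in the quoted post is the birthday bound for a 160-bit digest: a generic collision search needs about 2**(n/2) hashes for an n-bit output. The following is an added example, not part of the thread or the quoted blog post, that measures this on SHA-1 truncated to a few bits; the function names and sample messages are constructed for illustration.

```python
import hashlib
from itertools import count


def truncated_sha1(message: bytes, bits: int) -> int:
    """Return the top `bits` bits of SHA-1(message) as an integer."""
    digest = int.from_bytes(hashlib.sha1(message).digest(), "big")
    return digest >> (160 - bits)


def birthday_collision(bits: int):
    """Generic (birthday) collision search on SHA-1 truncated to `bits` bits.

    Hashes a sequence of constructed messages and remembers every truncated
    digest seen so far. Returns (msg_a, msg_b, hashes_computed), where the two
    messages differ but agree on the truncated digest.
    """
    seen = {}
    for i in count():
        msg = b"constructed-sample-%d" % i  # constructed input, not real data
        tag = truncated_sha1(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


def speedup_log2(brute_log2: int = 80, attack_log2: int = 69) -> int:
    """log2 of the work reduction between the two figures quoted in the post."""
    return brute_log2 - attack_log2


if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, n = birthday_collision(bits)
        print(f"{bits}-bit truncation: collision after {n} hashes "
              f"(birthday estimate ~2**{bits // 2} = {2 ** (bits // 2)})")
        print(f"  {a!r} vs {b!r}")
    # The reported attack replaces 2**80 generic work with 2**69.
    print(f"2**80 / 2**69 = 2**{speedup_log2()} = {2 ** speedup_log2()}x less work")
```

The measured hash counts scale with 2**(bits/2), not 2**bits, which is why a 160-bit digest offers at most 80 bits of collision resistance even before any cryptanalytic shortcut.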

  2. HOLY SHIT

    winged Guest

    HOLY SHIT wrote:
    > http://www.schneier.com/blog/archives/2005/02/sha1_broken.html:
    >
    >
    > February 15, 2005
    > SHA-1 Broken
    >
    > SHA-1 has been broken. Not a reduced-round version. Not a simplified
    > version. The real thing.
    >
    > The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu
    > (mostly from Shandong University in China) have been quietly
    > circulating a paper announcing their results:
    >
    > * collisions in the full SHA-1 in 2**69 hash operations, much
    > less than the brute-force attack of 2**80 operations based on
    > the hash length.
    >
    > * collisions in SHA-0 in 2**39 operations.
    >
    > * collisions in 58-round SHA-1 in 2**33 operations.
    >
    > This attack builds on previous attacks on SHA-0 and SHA-1, and is a
    > major, major cryptanalytic result. It pretty much puts a bullet into
    > SHA-1 as a hash function for digital signatures (although it doesn't
    > affect applications such as HMAC where collisions aren't important).
    >
    > The paper isn't generally available yet. At this point I can't tell
    > if the attack is real, but the paper looks good and this is a reputable
    > research team.
    >
    > More details when I have them.
    >
    > Posted on February 15, 2005 at 07:15 PM
    >
    > ~~~~~~~~~~~~~~~~~~~~~
    > This message was posted via one or more anonymous remailing services.
    > The original sender is unknown. Any address shown in the From header
    > is unverified. You need a valid hashcash token to post to groups other
    > than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
    > for abuse and hashcash info.
    >
    >
    >

    From what I gather, while SHA1 suffers from a similar problem to the one
    SHA-0 had, my reading indicates the flaw is not 100% but "may" sometimes work.
    It is still a process-intensive issue. Interesting article by David
    Shaw on the issue at
    http://lists.gnupg.org/pipermail/gnupg-users/2003-September/020190.html

    Winged
     
    winged, Feb 17, 2005
    #2

  3. HOLY SHIT

    Stevey Guest

    * On 16 Feb 2005 21:01:14 EST, winged wrote:
    > HOLY SHIT wrote:
    >> http://www.schneier.com/blog/archives/2005/02/sha1_broken.html:
    >>
    >> This attack builds on previous attacks on SHA-0 and SHA-1, and is a
    >> major, major cryptanalytic result. It pretty much puts a bullet into


    True.

    >> SHA-1 as a hash function for digital signatures (although it doesn't
    >> affect applications such as HMAC where collisions aren't important).


    False.
     
    Stevey, Feb 18, 2005
    #3
