SHA1 broken

Paul Rubin

FYI.
From <http://www.schneier.com/blog/archives/2005/02/sha1_broken.html>:

The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu
(mostly from Shandong University in China) have been quietly
circulating a paper announcing their results:

* collisions in the full SHA-1 in 2**69 hash operations, much
less than the brute-force attack of 2**80 operations based on
the hash length.

* collisions in SHA-0 in 2**39 operations.

* collisions in 58-round SHA-1 in 2**33 operations.
...

This is the same group that broke MD5 a few months ago and so this is
probably real. It doesn't immediately turn everyone's applications
insecure (2**69 operations is still more than the 2**64 operations
that it takes to break MD5 by brute force) and if it's like the MD5
result, finds only free rather than targeted collisions. So don't panic.

Nonetheless I think Python should add SHA256/SHA384/SHA512 to the
stdlib for 2.4, and new applications should use them instead of SHA1
even though they're slower. These are the new NIST hash algorithms
announced when AES was standardized. Their design is a bit different
from SHA1 and probably more likely to resist this type of attack.
 
