How Secure is RSA-SHA1

[anoop]

Hello,
I am doing the Security Audit of a .Net Application Developed on
ASP.Net 1.1. The Developer has informed me that he has implemented RSA-SHA1
for the Authentication Module, The credentials of which are shown below.

challenge=AbDwjDe34zzDBEzF5WdnzPuNTUY%3D&hidFlag=T&posx=79e5b
30ea23345a0395c371d39cc4524fbd3b293d510f676112fa54b89714d0877
e5410e3bfe1cd9189b2927c4f7f72687f94e14e48e2a642914a6202e7c
3c6eeecf59e2ddc41a0a0a7b7e42370d142cc7756e38277cac21f2ff182
19e5ad13088134261f7ab9a59bc076d7e27bf418b9fd45630ed33bbb57
bbd18b67108b6ba&txtUID=&txtPWD=

Now I wanted to know , if this type of Security can also be breached by an
attacker. If this is possible, then how?. Please Help

Thanks in Advance

 

[Joe Kaplan]

There is nothing really inherently insecure about SHA1 as a hash algorithm,
although some fairly recent research was able to expose a technique
suggesting that it might be easier than previously thought to compromise
(although still not very easy or practical).

However, that says nothing about how SHA1 is applied to this security
protocol. The design of the protocol is the important thing. If you don't
understand how to evaluate the application of cryptography to solve a
technical problem, then you probably shouldn't be responsible for auditing
it. The information you have provided below doesn't tell us anything about
how they are applying SHA1 to the problem.

Joe K.