Main Menu

Login



Support Virus.Org

Help support Virus.Org by donating.
Donating allows us to keep this site free and pay the running costs of all our services.
SHA-1 Broken PDF Print E-mail
Written by Editor   
Sunday, 20 February 2005 01:07
Well it seems NIST may have had a crystal ball, this last week at the RSA Conference Chinese and US researchers have been circulating a paper where they announce that they have been able to break the full SHA-1 One-Way Hash by coming up with a way to get collisions in 2^69 hash operations. Being able to break SHA-1 in 2^69 hash operations makes it possible to mount a practical brute force attack with currently available computing hardware. The paper also announces that they have been able to attack Full SHA-0 in 2^39 hash operations and a reduced 58–round SHA-1 in just 2^33 hash operations.

At the moment the full details of the attack are not widely known so it is not possible for the cryptographic community to fully assess the attack to determine if it would really work. However the team that has announced the attack are considered reputable as the same team found collisions within MD5 last year.

Collisions in One-Way hash functions are not the end of the world, however they do have implications depending on the use of the hash function. For many uses the collisions would not have a huge degree of risk, such as for tasks such as error checking, however the use of SHA-1 for digital signatures with collisions does introduce an element of uncertainty around the authenticity of any digital signature.

When we get more details of the paper and the attack we will post more information.

Add this page to your favorite Social Bookmarking websites
Digg! Reddit! Del.icio.us! Google! Live! Facebook! Technorati! StumbleUpon! Yahoo!
Last Updated ( Thursday, 14 September 2006 23:18 )