login      my ps      about      contact  



home instructor-led training online training blogs


Security Briefs » SHA-1 Broken

SHA-1 Broken

Security Briefs

Pluralsight Blogs

Syndication

Recent Posts

Tags

View more

Keith's books

Misc

Recent Articles

Archives

Thanks Craig for the heads up. Schneier points to a paper that demonstrates an attack against SHA-1 that “pretty much puts a bullet in it”.

If this pans out, a lot of people are going to be scrambling. We've been told by the experts for a long time to prefer SHA-1 over MD5. But Schneier warned years ago in Secrets and Lies that not much research effort had been put into examining cryptographic hash functions, so this “surprise” really shouldn't be all that surprising.

Over the last year, I've been recommending that folks use SHA-256 based on Ferguson and Schneier (if you are writing crypto code, please read this book). My guess is that a lot of folks will be moving in this direction soon.

Posted Feb 16 2005, 06:37 AM by keith-brown
Filed under: ,

Comments

John Davidson wrote re: SHA-1 Broken
on 02-16-2005 9:27 AM
NIST requires the federal government to move to SHA-256 or SHA-512 by 2010. They have recommended that the migration start now for both vendors and clients, wherever possible.
Scott Galloway wrote re: SHA-1 Broken
on 02-16-2005 9:45 AM
Well, the book you mentioned says: "We don't want to recommend them, but we don't have much choice" this is hardly a glowing recommendation. It really is surprising just how little work seems to have been done into hash functions. The major problem with the longer functions is just how slow they are (you can typically AES encrypt a string in the same time it takes to calculate the SHA-512 hash).
Ah well...now to get my own supercomputer soi I can crack X-Box games (which use SHA-1 as a verification hash) :-)
Scott Galloway wrote re: SHA-1 Broken
on 02-16-2005 9:53 AM
Incidentally, there's a nice table of hash functions along with attacks here: http://planeta.terra.com.br/informatica/paulobarreto/hflounge.html
Keith Brown wrote re: SHA-1 Broken
on 02-16-2005 10:16 AM
Ferguson mentions that hashing is theoretically much more complicated than encryption, so it's not surprising that a good hash function will take longer to compute than encrypting the same data. The industry has been using the high perf hash functions (MD5 and SHA-1), and it looks like it's coming around to haunt them now.
William wrote re: SHA-1 Broken
on 02-16-2005 3:42 PM
I don't see how that would change things much. It stands to reason that there has to be collisions as 20 bytes can not hold all possible combinations of data in the wild. Trying to find another combination of data that would match to *your hash would still seem to be almost impossible (and the data would have to be some kind of reasonable input.) Am I missing something?
Keith Brown wrote re: SHA-1 Broken
on 02-16-2005 4:31 PM
2^20 is an awful large search space to find a collision. A successful attack implies that this search space is significantly reduced.

Even an attack message that is complete garbage will likely do damage in many systems. A hash (or more specifically a MAC) often protects trusted data as it flows over the network. If the data is trusted, it may not be checked for wellformedness before being consumed.

Those who were paranoid about input, even from supposedly trusted sources, will reap benefits here.
Aaron Lerch wrote re: SHA-1 Broken
on 02-16-2005 7:08 PM
"Those who were paranoid about input, even from supposedly trusted sources, will reap benefits here."

Amen!!!
Dilip wrote re: SHA-1 Broken
on 02-17-2005 8:28 AM
Another perspective:

http://www.intertwingly.net/blog/2005/02/16/SHA-1-Broken

Add a Comment

(required)  
(optional)
(required)  
Remember Me?


home instructor-led training online training blogs

781.749.9238 (East Coast) | 310.251.9901 (West Coast) | Pluralsight, LLC , 185 Lincoln St., Suite 305, Hingham, MA 02043-1741

Copyright © 2008 Pluralsight LLC. All rights reserved.

designed by nukeation