02-16-2005, 05:00 AM | #1 | |
Is papyrophobic!
Posts: 1,926
Karma: 1009999
Join Date: Aug 2003
Location: USA
Device: Dell Axim
|
Scary: SHA-1 broken
According to Bruce Schneier, a team of analysts from Shandong University in China have broken SHA-1 (Secure Hash Algorithm).
Bruce: Quote:
|
|
02-16-2005, 06:39 PM | #2 |
Aficionado
Posts: 391
Karma: 710
Join Date: Jul 2003
Location: Denver, CO, USA
Device: Nexus 7, Kindle Touch
|
Morpheus, would you shed some light on this? Where is SHA-1 being used? Like, when I send my Amazon password through their "secure" servers?
|
Advert | |
|
02-18-2005, 12:23 PM | #3 |
Is papyrophobic!
Posts: 1,926
Karma: 1009999
Join Date: Aug 2003
Location: USA
Device: Dell Axim
|
Francesco, check Wikibooks for some information on SHA-1, and this document on some more general information on hash functions. When we speak of a hash function being broken, we mean that someone has managed to do exactly what we hoped was not feasible: to find two messages that would be assigned the same fingerprint when using the hash function in question. Such a pair of messages is called a collision.
|
02-18-2005, 01:39 PM | #4 |
Aficionado
Posts: 391
Karma: 710
Join Date: Jul 2003
Location: Denver, CO, USA
Device: Nexus 7, Kindle Touch
|
Now I see, thanks.
|
02-20-2005, 08:23 AM | #5 |
Guru
Posts: 914
Karma: 3410461
Join Date: May 2004
Device: Kindle Touch
|
Schneider just wrote some more on hash functions and SHA-1 being broken.
|
Advert | |
|
02-22-2005, 11:41 AM | #7 |
Evangelist
Posts: 418
Karma: 281
Join Date: Jul 2004
Location: Canada
Device: Assorted older devices
|
Remember, this is not a big threat. Collisions occur very rarely. So rarely that most are complete gibberish. So this is no threat for encryption, but a small (and only small) threat to digital signatures. The biggest problem is the fear of other vulnerabilities being found. But SHA-1 is ok to stick to for now. People will just move away from it over the next year or so.
|
06-24-2005, 03:50 PM | #8 |
Fully Converged
Posts: 18,163
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
|
Schneier just posted an update on his page. You can read the full paper, "Finding Collisions in the Full SHA-1," by Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu, here.
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Want to see something scary? | Fbone | General Discussions | 32 | 08-07-2010 05:41 AM |
Seriously thoughtful If you're a driver .... scary ! | GeoffC | Lounge | 6 | 04-18-2010 12:28 AM |
All new...and slightly scary | nikki | Introduce Yourself | 6 | 10-10-2009 01:58 AM |
That was scary! | pshrynk | Lounge | 30 | 07-16-2009 04:41 PM |
This forum is Scary! | p3aul | Sony Reader | 8 | 07-01-2009 08:34 AM |