Scary: SHA-1 broken

Colin Dunstan · 02-16-2005, 05:00 AM

According to Bruce Schneier, a team of analysts from Shandong University in China have broken SHA-1 (Secure Hash Algorithm).

Bruce:

Quote:

It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn't affect applications such as HMAC where collisions aren't important).

Francesco · 02-16-2005, 06:39 PM

Morpheus, would you shed some light on this? Where is SHA-1 being used? Like, when I send my Amazon password through their "secure" servers?

Colin Dunstan · 02-18-2005, 12:23 PM

Francesco, check Wikibooks for some information on SHA-1, and this document on some more general information on hash functions. When we speak of a hash function being broken, we mean that someone has managed to do exactly what we hoped was not feasible: to find two messages that would be assigned the same fingerprint when using the hash function in question. Such a pair of messages is called a collision.

Francesco · 02-18-2005, 01:39 PM

Now I see, thanks.

doctorow · 02-20-2005, 08:23 AM

Schneider just wrote some more on hash functions and SHA-1 being broken.

Alexander Turcic · 02-22-2005, 04:23 AM

Thanks for the news Morpheus.

I actually found the paper! You can download it from here.

Chaos · 02-22-2005, 11:41 AM

Remember, this is not a big threat. Collisions occur very rarely. So rarely that most are complete gibberish. So this is no threat for encryption, but a small (and only small) threat to digital signatures. The biggest problem is the fear of other vulnerabilities being found. But SHA-1 is ok to stick to for now. People will just move away from it over the next year or so.

Alexander Turcic · 06-24-2005, 03:50 PM

Schneier just posted an update on his page. You can read the full paper, "Finding Collisions in the Full SHA-1," by Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu, here.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Want to see something scary?	Fbone	General Discussions	32	08-07-2010 05:41 AM
Seriously thoughtful If you're a driver .... scary !	GeoffC	Lounge	6	04-18-2010 12:28 AM
All new...and slightly scary	nikki	Introduce Yourself	6	10-10-2009 01:58 AM
That was scary!	pshrynk	Lounge	30	07-16-2009 04:41 PM
This forum is Scary!	p3aul	Sony Reader	8	07-01-2009 08:34 AM

02-16-2005, 06:39 PM	#2
Francesco Aficionado Posts: 391 Karma: 710 Join Date: Jul 2003 Location: Denver, CO, USA Device: Nexus 7, Kindle Touch	Morpheus, would you shed some light on this? Where is SHA-1 being used? Like, when I send my Amazon password through their "secure" servers?

02-18-2005, 12:23 PM	#3
Colin Dunstan Is papyrophobic! Posts: 1,926 Karma: 1009999 Join Date: Aug 2003 Location: USA Device: Dell Axim	Francesco, check Wikibooks for some information on SHA-1, and this document on some more general information on hash functions. When we speak of a hash function being broken, we mean that someone has managed to do exactly what we hoped was not feasible: to find two messages that would be assigned the same fingerprint when using the hash function in question. Such a pair of messages is called a collision.

02-18-2005, 01:39 PM	#4
Francesco Aficionado Posts: 391 Karma: 710 Join Date: Jul 2003 Location: Denver, CO, USA Device: Nexus 7, Kindle Touch	Now I see, thanks.

02-20-2005, 08:23 AM	#5
doctorow Guru Posts: 914 Karma: 3410461 Join Date: May 2004 Device: Kindle Touch	Schneider just wrote some more on hash functions and SHA-1 being broken.

02-22-2005, 04:23 AM	#6
Alexander Turcic Fully Converged Posts: 18,175 Karma: 14021202 Join Date: Oct 2002 Location: Switzerland Device: Too many to count here.	Thanks for the news Morpheus. I actually found the paper! You can download it from here.

02-22-2005, 11:41 AM	#7
Chaos Evangelist Posts: 418 Karma: 281 Join Date: Jul 2004 Location: Canada Device: Assorted older devices	Remember, this is not a big threat. Collisions occur very rarely. So rarely that most are complete gibberish. So this is no threat for encryption, but a small (and only small) threat to digital signatures. The biggest problem is the fear of other vulnerabilities being found. But SHA-1 is ok to stick to for now. People will just move away from it over the next year or so.

06-24-2005, 03:50 PM	#8
Alexander Turcic Fully Converged Posts: 18,175 Karma: 14021202 Join Date: Oct 2002 Location: Switzerland Device: Too many to count here.	Schneier just posted an update on his page. You can read the full paper, "Finding Collisions in the Full SHA-1," by Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu, here.

Advert

Advert