MSFN Forum: Chinese Prof Cracks SHA-1 Data Encryption Scheme - MSFN Forum


#1 DigeratiPrime

Posted 21 January 2007 - 06:58 PM

from http://it.slashdot.o...7/01/20/1936257

Quote

Hades1010 writes to mention an article in the Epoch Times (a Chinese newspaper) about a brilliant Chinese professor who has cracked her fifth encryption scheme in ten years. This one's a doozy, too: she and her team have taken out the SHA-1 scheme, which includes the (highly thought of) MD5 algorithm. As a result, the U.S. government and major corporations will cease using the scheme within the next few years. From the article: " These two main algorithms are currently the crucial technology that electronic signatures and many other password securities use throughout the international community. They are widely used in banking, securities, and e-commerce. SHA-1 has been recognized as the cornerstone for modern Internet security. According to the article, in the early stages of Wang's research, there were other data encryption researchers who tried to crack it. However, none of them succeeded. This is why in 15 years Hash research had become the domain of hopeless research in many scientists' minds. "


whoa :o

[edit] apparently this happened over one year ago [17 December 2005] ...
http://www.newscientisttech.com/channel/te...yptography.html


#2 ripken204

Posted 21 January 2007 - 10:09 PM

hmm, that's not good :(

#3 Camarade_Tux

Posted 22 January 2007 - 12:13 AM

If this is the thing that happened one year ago, then either it is not usable in an attack or it just had to be confirmed; can't remember. :no:

#4 prathapml

Posted 22 January 2007 - 12:16 AM

Propaganda by the Chinese..... (to plant FUD scares) :P

#5 tain

Posted 22 January 2007 - 12:40 AM

SHA-1 has been considered as effectively broken for at least a year now. Use SHA-2.

#6 CoffeeFiend

Posted 22 January 2007 - 08:55 AM

TAiN, on Jan 22 2007, 01:40 AM, said:

SHA-1 has been considered as effectively broken for at least a year now. Use SHA-2.

Nah, just a lot weaker than it used to be (i.e. it's easier to bruteforce). But in a properly implemented (secure) system it's not like they should have access to hashes or anything anyways, and it should still be reasonably secure to use regardless (not like we've heard of many systems being hacked because of this in the last couple of years either) - enough for most basic systems (not things like banking or such). If someone already has your user's password hashes, you're already hacked as far as I'm concerned.

Been using SHA-256 for the last 2 or 3 years anyways. No point in using the weaker hash for new apps - it's as much work to use it anyways (16 extra bytes to store - total non-issue). 512 is just beyond overkill.

Mind you, MD5 is even weaker (by a long shot), but you still see it used widely even today... This is far more of a concern than SHA-1. This one you can consider effectively broken.

Besides being something from back in Feb '05 (~2 years old), it's much of a non-story.

#7 DigeratiPrime

Posted 24 January 2007 - 08:12 PM

Related (from http://it.slashdot.o...7/01/24/020205)

Quote

A Competition To Replace SHA-1
"In light of recent attacks on SHA-1, NIST is preparing for a competition to augment and revise the current Secure Hash Standard. The public competition will be run much like the development process for the Advanced Encryption Standard, and is expected to take 3 years. As a first step, NIST is publishing draft minimum acceptability requirements, submission requirements, and evaluation criteria for candidate algorithms, and requests public comment by April 27, 2007. NIST has ordered Federal agencies to stop using SHA-1 and instead to use the SHA-2 family of hash functions."

http://www.full-disk.../nist_hash.html


#8 LLXX

Posted 25 January 2007 - 03:50 AM

Long live the Chinese! :thumbup

Edit: I bet the same thing is going to happen to SHA-2 in a short while ;)

This post has been edited by LLXX: 25 January 2007 - 03:50 AM


#9 CoffeeFiend

Posted 25 January 2007 - 04:49 AM

LLXX, on Jan 25 2007, 04:50 AM, said:

Long live the Chinese! :thumbup

Edit: I bet the same thing is going to happen to SHA-2 in a short while ;)

Who cares? They're replacing SHA1 primarily as a preventive measure, as one day it might be too risky (with computing power being cheaper and such) - and that it's rather trivial to replace it with another HMAC anyways.

SHA1 is not totally broken, it's just somewhat weaker than expected. It still takes 2^53 attempts to get 2 totally random strings with the same hash, and for most purposes, that random string is useless. With a 10M$ computer (not something everybody has), it would still take like 4 months. And again, in most applications, if some hacker has access to your hashes, they already have access to your whole database, and you have far more serious issues on your hands than the hashes not being the strongest... The real place where a somewhat random string (collision) would be useful is for file hashes (then again, who would spend 4 months' worth of processing time on a 10M$ computer to modify one of your files and ensure the hash stays the same?) -- where MD5 is still widely used anyways, despite it being a really weak hash, that can be broken in a few days (or few hours with a bit of luck) on any home PC.

Even if there were weaknesses in SHA-2 (not unlikely), it still wouldn't matter. SHA-256 has 96 more bits than SHA-1 (more collision resistant). If it is 2^48 more computationally intensive to crack, it would take 281 474 976 million years on that same 10M$ computer (way longer than earth has existed for). Even if they find some flaws and that it can be cracked a few thousand times faster (like for SHA-1) and that computing power got a thousand times cheaper, it still wouldn't change the big picture much. If you're really paranoid, then go for SHA-384 or SHA-512...

SHA-1 is still perfectly fine for most purposes (for now at least), although there's no real reason not to use something stronger on new systems (no more work required).
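
An added illustration of the collision arithmetic discussed in the post above (not code from the thread or from any poster): a generic birthday search against SHA-1 truncated to n bits, showing that a collision costs roughly 2^(n/2) hashes, which is why the 96 extra bits of SHA-256 add a factor of 2^48 to the generic cost. The function names and the counter-based messages are constructed for this example.

```python
import hashlib
import itertools


def truncated_digest(data: bytes, bits: int, algo: str = "sha1") -> int:
    """Return the top `bits` bits of the digest as an integer."""
    digest = hashlib.new(algo, data).digest()
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits)


def birthday_collision(bits: int, algo: str = "sha1"):
    """Hash distinct messages until two share a truncated digest.

    Returns (first_message, second_message, attempts).
    """
    seen = {}
    for counter in itertools.count():
        msg = b"constructed-message-%d" % counter  # constructed sample input
        tag = truncated_digest(msg, bits, algo)
        if tag in seen:
            return seen[tag], msg, counter + 1
        seen[tag] = msg


def generic_collision_bits(algo: str) -> int:
    """log2 of the generic (birthday) collision cost for the full digest."""
    return hashlib.new(algo).digest_size * 8 // 2


def scaling(bit_sizes=(16, 20, 24), algo="sha1"):
    """Measured attempts next to the 2^(n/2) estimate for each truncation."""
    return [(n, birthday_collision(n, algo)[2], 2 ** (n // 2)) for n in bit_sizes]


if __name__ == "__main__":
    for n, attempts, estimate in scaling():
        print(f"{n}-bit digest: collision after {attempts} hashes "
              f"(2^(n/2) = {estimate})")
    sha1_bits = generic_collision_bits("sha1")
    sha256_bits = generic_collision_bits("sha256")
    print(f"generic cost: SHA-1 2^{sha1_bits}, SHA-256 2^{sha256_bits}, "
          f"gap 2^{sha256_bits - sha1_bits}")
```

This is the generic birthday search only; it does not implement the cryptanalytic shortcut against full SHA-1 that the thread refers to.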
