SHA-1 Broken

Nanolith writes "From Bruce Schneier's weblog: 'SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their results...'" Note, though, that Schneier also writes "The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team."

Meanwhile in Redmond

[Profane+MuthaFucka]

A marketing guy has a bright idea:

"Hey Bob, I was in the airport the other day and these two geeks were talking all about SHA-1. Said they read about it on Slashdot, and a Chinese research team was spending an awful lot of time working on it. We should definitely put this SHA-1, whatever it is, into the next release of our products. Send a memo to the development managers, and call our guy over at Gartner."

If you've ever deprecated MD5, please take note!

[aphor]

I just want to say "What's UP?" All of this NONSENSE that popped up a while ago about MD5 being "harmful some day" is really PALE in comparison to "SHA-1 has a theoretical attack" let alone "SHA-1 has been broken." I want to give proper acknowledgement for all of the people who try really hard to stay in the ACTUAL world.