SHA-1 Broken
Nanolith writes "From Bruce Schneier's weblog: 'SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their results...'" Note, though, that Schneier also writes "The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team."
And I just got done upgrading from MD5.
A lot of companies and products use SHA1 in some form or another. Does this mean that we can arrest and imprison these "researchers" if they ever step foot in America?
Time to change the VPN policies
... to SHA-2!
If you don't switch to the newest, latest hashing algorithm, you will die horribly when your corrupted emacs RPM performs malicious code!!! Everyone, delete everything and log off of the Internets now!!! We're all gonna die!!! HELP!!!
"Anyone who attempts to generate random numbers by deterministic means is living in a state of sin." -- John von Neumann
/me /me wishes security were easier
Log into VPN Firewall
Check VPN settings
Notices SHA for authentication type
Swears
Checks other option, notices {none} and {md5}
scratches head
decides to go with MD5 until that too is broken
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
...at least we still have SHA256, SHA384 and SHA512.
That said...PWN3D!!1!
You can hold down the "B" button for continuous firing.
Everyone should just randomly hit keys on their keyboard for each file. Totally random, but most files will be "sfkhadou"
Long live ROT-13.
Maybe crackers would stop messing with our encryption if it was extremely easy to deal with.
SupahLeetCodah: d00d i just cracked SHA-1 and MD5,6 AND 7!!!1
Steve: So did my grandma and my proctologist.
ItWasFree.com - Take the mystery
Ya.. 20 years ago we used a hashing algorithm at college. Not sure how secure it was but we got really messed up.
crypt()
Karma: It's all a bunch of tree-huggin' hippy crap!
oops I accidentally highlighted 'fucking' from your post instead and searched for that
I am outraged! Does this disgusting thing called 'fucking' really happen ? I must know.
Isn't this a plot from a Dan Brown book?
Bruce sits at his desk, reading over the encrypted e-mail sent to him about breaking SHA-1, when a loud scream echoes from his office
I JUST SENT OUT MY NEWSLETTER THIS MORNING!
Slackware, what else when it must be secure, stable, and easy?
And it's elegant. But it won't fit in the margin of a post on slashdot.
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
I love how you link that like you're mister high and mighty and you don't spell his name in the link right. I didn't either, but I have ethos. I'd never heard of him before. =)
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
The MD5 crack team....
http://www.md5crk.com/ (wayback archive)
When the holy fuck did this become a technical forum?!?!
It is official; Netcraft confirms: SHA1 is dying
One more crippling bombshell hit the already beleaguered cryptohash community when IDC confirmed that cryptohash market share has dropped yet again, now down to less than a fraction of 1 percent of all cryptographic algorithms. Coming on the heels of a recent Netcraft survey which plainly states that SHA1 has lost more market share, this news serves to reinforce what we've known all along. SHA1 is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive cryptography test.
You don't need to be a Kreskin to predict SHA1's future. The handwriting is on the wall: SHA1 faces a bleak future. In fact there won't be any future at all for SHA1 because SHA1 is dying. Things are looking very bad for SHA1. As many of us are already aware, SHA1 continues to lose market share. Red ink flows like a river of blood.
SHA1 is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time SHA1 developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: SHA1 is dying.
Let's keep to the facts and look at the numbers.
MD4 leader Theo states that there are 7000 users of MD4. How many users of MD5 are there? Let's see. The number of MD4 versus MD5 posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 MD5 users. SHA2 posts on Usenet are about half of the volume of MD5 posts. Therefore there are about 700 users of SHA2. A recent article put SHA1 at about 80 percent of the cryptohash market. Therefore there are (7000+1400+700)*4 = 36400 SHA1 users. This is consistent with the number of SHA1 Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, SHA1 went out of business and was taken over by RSA who sell another troubled cryptohash. Now RSA is also dead, its corpse turned over to yet another charnel house.
All major surveys show that SHA1 has steadily declined in market share. SHA1 is very sick and its long term survival prospects are very dim. If SHA1 is to survive at all it will be among cryptographic dilettante dabblers. SHA1 continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, SHA1 is dead.
Fact: SHA1 is dying
... it looks to me the only solution is wipe Jinan city off the map.
Now where did I leave my nukes....
Which of course is available for that ever so wonderfully secure os called OpenBSD ;-)
Maybe his sense of humour fell through a one-way hash function some time back, but it's pretty clear from context that he's kidding.
--MarkusQ
Now I know why my site doesn't work anymore. SHA-1 is broken. Digest::SHA1 won't produce any hashes for me anymore, and I tried to debug the issue but couldn't work out what was going on. Thanks for letting us know SHA-1 is broken Slashdot. I wonder when it will be fixed?
Realistically, if I gave any of you people a .txt file encrypted with DES and said that if you can crack it in 3 months I'll give you $15k.. would you be able to? I rather doubt it.
2^69 is still a plenty big number for me. I'll worry in a few years when CPUs are faster
It never fails to crack me up how people freak out about theoretical weaknesses in cryptography but have $25 locks on their homes that any crook with a fork and a nail could open.... and steal your computer if not axe you to bits.
but, but.. SHA-2 will save me!!
CommentBot 0.7a running with args "-module irritate,disagree -target random"
It's gone from being a billion times easier, to a half a billion times easier, to just simply find the person responsible and beat any necessary data out of them with a baseball bat and/or knife. Which is cheaper? Extensive studying of cryptography, thousands of dollars of computers, and an extremely long waiting time in order to brute-force something? Or just buying plane tickets, a blunt object, looking up the person's address on MapQuest, and having Cousin Luigi pay a friendly visit?
What someone really ought to do is use ROT-7.5 twice to decrypt ROT-13.
If life gives me a beating, I'm going to endure it. If life gives me a beating, I'm going to wake it up.
No, it didn't. In fact, this is the most important problem in CS.
Nahh.. The most important problem in CS are those annoying campers.
That is nothing. This post has been encrypted with an unbreakable one-time-pad! TWICE!
Why not make two hashes of a password using different algorithms, one using MD5 and the other using SHA-1? If an attacker was able to produce a password where the hash matched one, it would be very unlikely to get the correct hash using the other algorithm unless the attacker had found the original password.
I hope they get it fixed soon.
Now I can type a simple password, and produce a complex password that has the same hash.
I'd type the complex one "32l;lkd49fj32*93f-FR" just once: When I create my account on the web site that demands that I have at least 8 characters, and some of them must be numeric and some must be non-alpha and so on.
After that, I can just type my usual "foo" as password and it'll accept it because the hash fits.
Hooray.
Musicians don't die. They just decompose.
At least they gave the algorithm. If their synopsis is indicative of the paper, they illustrate that SHA-1 has collisions, and collisions can be discovered through the awesomely sophisticated technique of brute force. Pardon me while I dust off my bomb shelter.
Let's wait for the actual paper. If it takes more CPU power to force a collision within a year than the whole of what IBM sells in that year, I think that the hash is doing its job...
I am no longer wasting my time with slashdot