Slashdot Mirror

← Back to Stories (view on slashdot.org)

SHA-1 Broken

Posted by timothy on Tuesday February 15, 2005 @03:25PM from the sha-na-na dept.

Nanolith writes "From Bruce Schneier's weblog: 'SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their results...'" Note, though, that Schneier also writes "The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team."

5 of 751 comments (clear)

Min score:

Reason:

Sort:

Hmm by Jicksta · 2005-02-15 15:27 · Score: 0, Redundant

So... anyone care to explain exactly what SHA-1 is?
1. Re:Hmm by mboverload · 2005-02-15 15:32 · Score: 1, Redundant
  
  http://en.wikipedia.org/wiki/SHA_family
Re:Sigh by hdparm · 2005-02-15 17:13 · Score: 0, Redundant

And yet, you find a time to post here. What a royally-sized asshole you are.
Re:So what's the big deal for the rest of us? by theantix · 2005-02-15 17:18 · Score: 1, Redundant

Here's a practical example: the RIAA/MPAA could write an application that would generate a valid hash for random data, corrupting bittorrent downloads. Bittorrent uses SHA-1 -- if you don't believe me check the source yourself.

--
501 Not Implemented
Same team who broke MD5 by henrypijames · 2005-02-15 22:01 · Score: 0, Redundant

This is the same team who broken MD4, MD5, HAVAL-128 and RIPEMD six months ago, so I'd rather believe this is true that calling them liars.