

SHA-1 Broken

Nanolith writes "From Bruce Schneier's weblog: 'SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their results...'" Note, though, that Schneier also writes "The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team."

3 of 751 comments

  1. Re:Hmm by Donny+Smith · · Score: 0, Troll

    > So... anyone care to explain exactly what SHA-1 is?

    So... Anyone care to mark the fucking string, right click SHA-1 and choose Search the Web for "SHA-1"?
    How hard is that?

  2. Obligatory Gentoo reference by bonch · · Score: 1, Troll

    I just finished compiling it an hour ago, and then I see this announcement on Slashdot! This always happens.

  3. Re:Not a problem (yet) by tod_miller · · Score: 0, Troll

    If you do not know the string you are starting from THEN IT IS no better than brute force.

    I think as long as the HASHED value itself isn't useful in reducing the number of attacks, then we are ok.

    They are doing some funny poking around the edges.

    Take a large complex document, and make minor changes sequentially through the document.

    The number of changes would equal the hash space; therefore the number of minor changes they would make would be a brute force of the hash space, so they would create every possible hash (this was the aim; they didn't get this far, as far as I can tell; this is very CPU intensive).

    But what they did do, by changing a couple of bits here and there, was to find a hit.

    Now, when I learnt about memory paging and hashing techniques WE TALKED about collisions, and they are very real and normal things.

    Until they stop quietly circulating things, and over-hyped blog headlines stop getting /.'d, we will not know WHAT their latest news means.

    The key is: if the hash doesn't help, SHA1 is as secure as it always was, which is not secure at all (because it is trivial to crack SHA1), but computationally it is not viable.

    To reiterate, SHA1 was never ever secure; it is trivial to crack, but computationally expensive (for now).

    --
    #hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
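The brute-force reasoning in the comment above misses the birthday bound: finding any two inputs with the same hash does not require walking the whole hash space, only about its square root. The following is an added example, not from the thread; it truncates SHA-1 to a constructed 32-bit prefix and makes "minor changes" (a revision counter) to one base document until two revisions collide.

```python
import hashlib
import math


def sha1_prefix(data: bytes, bits: int) -> int:
    """Return the first `bits` bits of SHA-1(data) as an integer.

    Truncation models a smaller hash space so the birthday effect is visible
    in seconds; bits=160 gives the full digest."""
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)


def find_collision(bits: int,
                   base: bytes = b"Large complex document, revision ") -> tuple[bytes, bytes, int]:
    """Birthday search over sequential 'minor changes' to one document.

    Each revision appends a counter to the constructed base text (an assumption
    for illustration). Every truncated hash seen so far is remembered; the first
    repeat is a collision. Expected work is about sqrt(2^bits) hashes, not 2^bits.
    Returns (first_message, second_message, number_of_hashes_computed)."""
    seen: dict[int, bytes] = {}
    n = 0
    while True:
        msg = base + str(n).encode()
        h = sha1_prefix(msg, bits)
        if h in seen:
            return seen[h], msg, n + 1
        seen[h] = msg
        n += 1


def expected_birthday_tries(bits: int) -> float:
    """Expected number of hashes before the first collision in a 2^bits space
    (sqrt(pi/2 * 2^bits)); compare with the 2^bits a full enumeration needs."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    m1, m2, tries = find_collision(32)
    print(f"collision on 32-bit prefix after {tries} hashes "
          f"(expected ~{expected_birthday_tries(32):.0f}, full space 2^32 = {2**32})")
    print(m1, m2, hex(sha1_prefix(m1, 32)))
```

The full 160-bit digests of the two revisions still differ; only the truncated prefix collides, which is what makes a real SHA-1 collision result notable.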