More on Newly Broken SHA-1

AnonymousStudent writes "Details are out about the reported broken SHA-1 hash function. The findings are that SHA-1 is not collision free and can be broken in 2^69 attempts instead of 2^80. This is about 2000 times faster. With todays computing power and Moores Law, a SHA-1 hash does not last too long. Using a modified DES Cracker, for the small sum of up to $38M, SHA-1 can be broken in 56 hours, with current computing power. In 18 months, the cost should go down by half. Jon Callas, PGP's CTO, put it best: 'It's time to walk, but not run, to the fire exits. You don't see smoke, but the fire alarms have gone off.' As Schneier suggests, 'It's time for us all to migrate away from SHA-1.' Alternatives include SHA-256 and SHA-512."

Re:Collision free hash?

That, to be honest, is rubbish.

First of all, of course SHA-1, like any has function, is not collision-free, not even "effectively" or "practically" or anything like that.

Furthermore, the successful attack on SHA-1 (if it is one; until the paper is actually published, that's not 100% sure) does not change anything about that in any way, and it does not mean that collisions suddenly will occur more often than previously thought. It only means that there is a way to find collisions (under certain circumstances) that's faster than brute-force.

Statements like "you'd have to use all of the computers on the planet for thousands of years to find a collision" are also uninformed, sensationalist rubbish. If I could use a computer in the (currently) ~30M USD range to compute a collision in 56 hours, as Schneier claims, then I could just as well brute-force SHA-1 in about 12,8 years (2000 times 56 hours) using the same equipment. Probably not really practical, depending on what exactly you want to do, but it's hardly "thousand of years" using "all the computers on the planet", is it?

Next time, don't post about topics you don't understand.