Slashdot Mirror

← Back to Stories (view on slashdot.org)

More on Newly Broken SHA-1

Posted by CowboyNeal on from the all-hands-abandon-ship dept.

AnonymousStudent writes "Details are out about the reported broken SHA-1 hash function. The findings are that SHA-1 is not collision free and can be broken in 2^69 attempts instead of 2^80. This is about 2000 times faster. With todays computing power and Moores Law, a SHA-1 hash does not last too long. Using a modified DES Cracker, for the small sum of up to $38M, SHA-1 can be broken in 56 hours, with current computing power. In 18 months, the cost should go down by half. Jon Callas, PGP's CTO, put it best: 'It's time to walk, but not run, to the fire exits. You don't see smoke, but the fire alarms have gone off.' As Schneier suggests, 'It's time for us all to migrate away from SHA-1.' Alternatives include SHA-256 and SHA-512."

14 of 362 comments (clear)

  1. SHA-1 by mboverload · · Score: 5, Funny

    SHA-1? pshhhh. They should be using SHA+1. Thats 2 more!

    1. Re:SHA-1 by Anonymous Coward · · Score: 2, Funny

      I'll wait for SHA+/-1 dual format

    2. Re:SHA-1 by stutterbug · · Score: 4, Funny

      Soon, there will be SHA-++. And inevitably, Microsoft will make SHA-# ("sha-SHARP") that will take as much computing power to generate as it will to break. Ah, progress.

  2. Re:2000 times faster? by Temporal · · Score: 4, Funny

    Jesus Christ. In the time it took to write my post (all of 30 seconds), five other people replied to you.

    Just goes to show, the quickest and most effective way to get information on the net is to post something that is wrong.

  3. Re:Collision free hash? by Anonymous Coward · · Score: 1, Funny

    Since hell froze over in 1852. Read the constitution! It happened!

  4. Re:2000 times faster? by Lisandro · · Score: 4, Funny

    I bet $50 that a hard drive manufacturer came up with that!

  5. Re:2000 times faster? by Anonymous Coward · · Score: 3, Funny

    I'll take that bet! (And you owe me $64 if you lose.)

  6. Re:2000 times faster? by Anonymous Coward · · Score: 0, Funny

    An excellent troll. You got an enormous amount of gullible idiots to show their 'intelligence' by correcting you. Pure genius.

  7. Re:Price by Anonymous Coward · · Score: 1, Funny

    Since when did the pound sign work in Slashcode?! Slashcode is maintained, updated and extended?!

    I need a stiff drink.

  8. Re:2000 times faster? by swillden · · Score: 2, Funny

    >>> FIRST CORRECTION

    >> 15th actually, and you were wrong anyway.

    > Depends on the desired precision.

    Certainly. Because 1 is approximately equal to 15 for large values of 1 and small values of 15. If you squint.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  9. Re:2000 times faster? by Anonymous Coward · · Score: 2, Funny
    This is true.

    Whenever I can't figure out how to do something in Linux, I just make a post saying, "Linux sucks because it can't do XXX like Windows can!"

    Within 10 minutes, I'll have 50 replies from Linux gurus around the world telling me, "You idiot, Linux's implementation is better than Windows! You just do YYY and ZZZ and boom! Bill Gates sucks!"

  10. Re:2000 times faster? by swillden · · Score: 2, Funny

    While the bumbers are only 11 difference yes, 69 is a much slower method for most 80, though I'm not sure its 2000 either.

    Wow. That's an absolutely amazing post. It's so wrong, on so many different levels, in so many different ways, and in so *few* words... impressive as hell. You have my respect, sir.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  11. Re:Theoretical security concerns... by dbullock · · Score: 2, Funny

    I don't have a nubile teenage daughter, just two sons. So this exploit won't affect me.

    --
    http://www.bullnet.com
  12. Some advice for SHA-1's creators. by OmgTEHMATRICKS · · Score: 1, Funny

    2^69? These guys need girlfriends.