Slashdot Mirror


More on Newly Broken SHA-1

AnonymousStudent writes "Details are out about the reported broken SHA-1 hash function. The findings are that SHA-1 is not collision free and can be broken in 2^69 attempts instead of 2^80. This is about 2000 times faster. With todays computing power and Moores Law, a SHA-1 hash does not last too long. Using a modified DES Cracker, for the small sum of up to $38M, SHA-1 can be broken in 56 hours, with current computing power. In 18 months, the cost should go down by half. Jon Callas, PGP's CTO, put it best: 'It's time to walk, but not run, to the fire exits. You don't see smoke, but the fire alarms have gone off.' As Schneier suggests, 'It's time for us all to migrate away from SHA-1.' Alternatives include SHA-256 and SHA-512."

7 of 362 comments (clear)

  1. 2000 times faster? by mboverload · · Score: -1, Troll

    2^69 attempts instead of 2^80 seems like only 11 times faster, then again, thats just me.

  2. People still use SHA-1? by Anonymous Coward · · Score: 0, Troll

    Do people really still use SHA-1?

    I've been using SHA-256 for a while now.

    1. Re:People still use SHA-1? by Anonymous Coward · · Score: -1, Troll

      I've switched to SH-17

    2. Re:People still use SHA-1? by AKnightCowboy · · Score: 0, Troll
      Yea, what losers. I use nothing but MD5 for my hashing needs and DES for encryption. Unbreakable government certified encryption!

      /10 years ago

  3. Only $38 million? by Anonymous Coward · · Score: -1, Troll
    Price to crack the email/file/whatever that has Osama Bin-Ladin's location in it? $38 million.

    Capturing Osama Bin-Ladin? Priceless.

  4. Re:Price by Uber+Banker · · Score: 0, Troll

    While I am not a mortgage broker, how about I offer you a load of $80 for your new home with $80k repayable over 20 years at a fixed rate of 4.5% p.a.? I'm sure I could rustle that deal up with my compliance department.

  5. Re:"begs the question" by axlrosen · · Score: 0, Troll

    The opposite of prescriptive grammar is descriptive grammar - not no grammar.