Slashdot Mirror
PGP Moving To Stronger SHA Algorithms
PGP Corp. is moving to a stronger SHA Algorithm (SHA-256 and SHA-512) as consequence of the research conducted by the team at Shandong University in China who broke the SHA-1 algorithm. (See this earlier story for more information on the SHA-1 vulnerability.)
They're just trying to avoid the problem, not solve it. Moving to SHA-512 is not a solution. :/
wouldn't the problem still exist but the odds of cracking it would be so huge it wouldn't be worth it?
right? correct me if im wrong.
Is there a reason to wait until someone breaks the existing algorithm before moving to a stronger one?
It seems to me that if you start working on implementing the stronger ones BEFORE your existing one is broken?
An ounce of prevention...
but why not take a hash of a hash ?
if its broken once - all you get is another hash and with no way of telling if you`ve cracked it or not, its useless
That is what's usually referred to as "breaking" a hash algorithm.
They did not break it. They just found a way to reduce the number of trials needed to find a collision.
And what exactly would you consider broken? Since when was "it don't work as we thought" not good enough?
Let me give you an example. You sign your Last Will and Testament digitally. You can do that; the courts will uphold it. Now, these fine researchers can concoct a new Will that says something different, but still appears to be signed by you.
Of course you already knew they could do that, but you thought it would take 20 million or so years. As it turns out, your estimate was several orders of magnitude too high. That's what these researchers have proven.
Is SHA-1 broken yet?
From a cryptography point of view, that *is* breaking it.
quidquid latine dictum sit altum videtur.
(PHPBBQ? *mentally runs sed s/PHP/PGP/g on post*)
I would still rather see people encrypt all their data than to send (even potentially) sensitive data in plain text. Sure, the best option would be educating people on what is really important, and thus worth encrypting, but a lot of people can't seem to grasp the concept of privacy/security. I know people who would submit a credit card number to some shady website over plain HTTP, without even looking on the page for a privacy policy.
Granted, it is borderline ridiculous to encrypt anything and everything, but it's better than not encrypting anything at all and hoping nobody's looking.
Bears don't normally eat things that talk and move backwards.
Okay, even if you can find a collision in, say, a day... Great. You can find a collision in a day. But how many collisions will you have to sort through before you find one that even resembles a will, especially one that, say, gives all your property to me?
Oh, sure, lots. But if the SHA-1 is being used for, say, passwords - where all that's stored and checked is the hash - then ANY collision will do. So if you can find a collision in a day, you can break into any system using SHA-1 for password authentication in a day.
That's broken.
I realize that this means that 2 messages can be generated with the same hash. However, does this really signify such a big weakness. The person generating the hashes has no control over the content of either of the messages, nor do they have control over what the resulting hash will be. So, you can, in a reasonable amount of time, generate 2 arbitrary messages with the same, yet still arbitrary hash. So what. Unless you can generate meaningful messages with identical hashes, you don't really accomplish anything through using this technique.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Didn't they already prove this broken by creating a database of all hashes possible for all alpha-numeric passwords up to a certain length. I think it was for a different hash though. Anyway, if you're going to spend all the computation power to break passwords, you might as well just make a reverse hash database, it will be much more useful to you.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
So what do you guys wanna bet that at least a few of these researchers have their phones tapped at this point?
I can't think of any intelligence agency that that wouldn't like a few days head start with any more findings these guys come up with.
I'm not really headed anywhere specfic with this comment, other than getting this thought out there. People have been bugged to gain access to much less exciting information than this.
Life is too short to proofread.
Adding to what you've said, if the cumbled SHA-1 wall is 4.9 cm (1.9 in) tall, our current average reach of scaling the wall is still a few nano metres.
It appears as if that 4.9 cm wall is very scalable, but it still isn't easily scalable.
Quoting Bruce Schneier's quote of what Jon Callas, PGP's CTO said: "It's time to walk, but not run, to the fire exits. You don't see smoke, but the fire alarms have gone off."
Banu
What you are describing is a different type of attack from what the Chinese researchers discovered. Their attack allows them to generate two messages that have the same hash; it doesn't allow them to generate a message that hashes to a fixed value. So password hashing is still safe -- AFAIK, there are no known attacks against it other than brute force (or rubber hose).
To get something done, a committee should consist of no more than three persons, two of them absent.
Two reasons:
Note that there are circumstances where you don't care about this, because the original data is public and you just want to be sure it wasn't fiddled with.
Life is too short to proofread.
"Since then, the USA's encyrption policy has been undermined from so-called allies such as Canada and Mexico such that these technologies are in the public domain and commonly used in communicating things that threaten our national security."
The US's encryption policy has been undermined because it's stupid. Canada and Mexico are only two of the dozens of countries that agree with my assessment.
Even if the USA were the only source of strong crypto (Not the case. Rijndael aka AES comes from Belgium.) or every other country agreed with the American position (ha!), it only takes one leak for the bad guys to get the good cyphers.
One leak. When every computer has a binary implementation that can be reverse engineered. When open source software has the source code available for all to see. Even if nobody sold/distributed the good versions outside of the US, it would still be trivial to get a good version out.
I rarely criticize things I don't care about.