Slashdot Mirror

← Back to Stories (view on slashdot.org)

PGP Moving To Stronger SHA Algorithms

Posted by timothy on from the 511-upmanship dept.

PGP Corp. is moving to a stronger SHA Algorithm (SHA-256 and SHA-512) as consequence of the research conducted by the team at Shandong University in China who broke the SHA-1 algorithm. (See this earlier story for more information on the SHA-1 vulnerability.)

13 of 247 comments (clear)

  1. Not a solution by Esine · · Score: 4, Insightful

    They're just trying to avoid the problem, not solve it. Moving to SHA-512 is not a solution. :/

    1. Re:Not a solution by anothergene · · Score: 5, Insightful


      They're just trying to avoid the problem, not solve it. Moving to SHA-512 is not a solution. :/

      Could also be a stop gap solution. At least it will be harder to break in the mean time until a real solution is devised.

      --
      Who's leg do I have to hump to get a dry martini around here?
    2. Re:Not a solution by Anonymous Coward · · Score: 5, Insightful

      What, then, is?

      Moving to Tiger? Or Whirlpool? Or RIPEMD-160?

      The amount of effort it took to discover the weakness in SHA-1 was incredible, and SHA-256 and SHA-512 are even more complex. Tiger and Whirlpool are relatively untested, and RIPEMD-160 was put out as an update after the original RIPEMD was broken (Much like SHA-0).

      SHA-256 and SHA-512 are the most likely successors to the throne, because they're based on an algo that is STILL, despite being "broken", known to have very strong collision resistance.

    3. Re:Not a solution by uhoreg · · Score: 4, Insightful
      1. SHA-256 is not just SHA-1 with more bits; it's a different algorithm. So moving from SHA-1 to SHA-256 is not the same as moving from RSA-512 to RSA-1024. (However, moving from SHA-256 to SHA-512 would be.)
      2. RSA was never broken in the same way that SHA-1 is now (allegedly -- since the paper is not yet published) broken, or that MD5 is broken. SHA-1 is broken in the sense that the researchers were able to find a collision in much less than the expected 2^80 calculations. This indicates that the algorithm is weaker than previously believed, and may soon result in much quicker attacks. RSA-512 is broken because computing power has caught up with it, and it's possibly economical to build a computer that can crack 512-bit RSA keys. Weaknesses that are solely due to key/hash size may be fixed by switching to a larger size. Weaknesses that are inherent in the algorithm may not be able to be fixed in this way.
      --

      To get something done, a committee should consist of no more than three persons, two of them absent.

  2. the problem is still there by bird603568 · · Score: 3, Insightful

    wouldn't the problem still exist but the odds of cracking it would be so huge it wouldn't be worth it?
    right? correct me if im wrong.

    1. Re:the problem is still there by pclminion · · Score: 3, Insightful
      Well, until mankind figures out a way around the pigeonhole problem -- which is NEVER -- this "problem" will always exist.

      What we should be asking ourselves is, is there a way to construct a hashing algorithm for which the OPTIMAL method for finding collisions is a brute force search? So far it hasn't been done, and it hasn't been definitely proven to be possible or impossible, either.

      I see a lot of people on these forums complaining that we should "just" make a hash algorithm that is unbreakable. It's a logical impossibility. Can you fit an infinite number of things into a finite number of holes and guarantee that each hole has at most one object in it? I hope people are capable of grasping that, at least.

  3. Why not move sooner? by }InFuZeD{ · · Score: 4, Insightful

    Is there a reason to wait until someone breaks the existing algorithm before moving to a stronger one?

    It seems to me that if you start working on implementing the stronger ones BEFORE your existing one is broken?

    An ounce of prevention...

  4. Re:Come on... by no+parity · · Score: 5, Insightful
    They did not break it. They just found a way to reduce the number of trials needed to find a collision.

    That is what's usually referred to as "breaking" a hash algorithm.

  5. Re:Come on... by Anonymous Coward · · Score: 4, Insightful

    Okay, even if you can find a collision in, say, a day... Great. You can find a collision in a day. But how many collisions will you have to sort through before you find one that even resembles a will, especially one that, say, gives all your property to me?

    Oh, sure, lots. But if the SHA-1 is being used for, say, passwords - where all that's stored and checked is the hash - then ANY collision will do. So if you can find a collision in a day, you can break into any system using SHA-1 for password authentication in a day.

    That's broken.

  6. Re:i'm no crypto expert... by Sweetshark · · Score: 4, Insightful

    but why not take a hash of a hash ?
    Because breaking the hash means finding two documents resulting in the same hash. If the first hash ist the same for both documents all hashes of hashes will be the same too.
    What you could do is using different hash-algos, but it increases the amount of code to be managed and reviewed thoroughly (security by obscurity rarely works). And it increases the size of the digest - SHA-256 does that too but it keeps the algorithm simple.

  7. Re:Come on... by CastrTroy · · Score: 3, Insightful

    Didn't they already prove this broken by creating a database of all hashes possible for all alpha-numeric passwords up to a certain length. I think it was for a different hash though. Anyway, if you're going to spend all the computation power to break passwords, you might as well just make a reverse hash database, it will be much more useful to you.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  8. Phones tapped? by theLOUDroom · · Score: 3, Insightful

    So what do you guys wanna bet that at least a few of these researchers have their phones tapped at this point?

    I can't think of any intelligence agency that that wouldn't like a few days head start with any more findings these guys come up with.

    I'm not really headed anywhere specfic with this comment, other than getting this thought out there. People have been bugged to gain access to much less exciting information than this.

    --
    Life is too short to proofread.
  9. Missing details to complete the perspective by mukund · · Score: 4, Insightful

    Adding to what you've said, if the cumbled SHA-1 wall is 4.9 cm (1.9 in) tall, our current average reach of scaling the wall is still a few nano metres.

    It appears as if that 4.9 cm wall is very scalable, but it still isn't easily scalable.

    Quoting Bruce Schneier's quote of what Jon Callas, PGP's CTO said: "It's time to walk, but not run, to the fire exits. You don't see smoke, but the fire alarms have gone off."

    --
    Banu