Slashdot Mirror


PGP Moving To Stronger SHA Algorithms

PGP Corp. is moving to a stronger SHA algorithm (SHA-256 and SHA-512) as a consequence of the research conducted by the team at Shandong University in China who broke the SHA-1 algorithm. (See this earlier story for more information on the SHA-1 vulnerability.)

8 of 247 comments

  1. Why only small improvements in security? by ABeowulfCluster · · Score: 5, Funny

    I think I'll wait for the SHA-65000 algorithm instead.. it'll be harder to crack.

  2. Re:Not a solution by anothergene · · Score: 5, Insightful

    They're just trying to avoid the problem, not solve it. Moving to SHA-512 is not a solution. :/

    Could also be a stop gap solution. At least it will be harder to break in the mean time until a real solution is devised.

    --
    Who's leg do I have to hump to get a dry martini around here?
  3. Re:Come on... by no+parity · · Score: 5, Insightful

    They did not break it. They just found a way to reduce the number of trials needed to find a collision.

    That is what's usually referred to as "breaking" a hash algorithm.

  4. Re:Not a solution by Anonymous Coward · · Score: 5, Insightful

    What, then, is?

    Moving to Tiger? Or Whirlpool? Or RIPEMD-160?

    The amount of effort it took to discover the weakness in SHA-1 was incredible, and SHA-256 and SHA-512 are even more complex. Tiger and Whirlpool are relatively untested, and RIPEMD-160 was put out as an update after the original RIPEMD was broken (Much like SHA-0).

    SHA-256 and SHA-512 are the most likely successors to the throne, because they're based on an algo that is STILL, despite being "broken", known to have very strong collision resistance.

  5. SHA-1 break illustrated.. by __aaijsn7246 · · Score: 5, Interesting

    http://lists.gnupg.org/pipermail/gnupg-users/2005-February/024862.html

    Atom Smasher atom at smasher.org
    Wed Feb 16 21:56:25 CET 2005

    Hash: SHA256

    this should help put the (alleged until proven otherwise) SHA-1 break into
    perspective. thanks to Sascha Kiefer for giving me the idea.

    let's say that unbroken SHA-1 represents a 100 meter (328 ft) wall. if a
    break allows a collision to be found in merely 2^69 operations (on
    average), that would mean the wall has crumbled to 4.9 cm (1.9 in) tall.
    that's broken!!

    OTOH, let's say that unbroken MD5 represents a 100 meter (328 ft) wall.
    comparing unbroken MD5 to broken SHA-1 means the wall would actually grow
    from 100 meters (328 ft) tall to 3.2 km (1.99 miles) tall. SHA-1, even if
    it's broken enough to find a collision in 2^69 operations (on average), is
    still stronger than MD5 was ever meant to be.

    again, using unbroken MD5 as our reference of a 100 meter (328 ft) wall,
    unbroken SHA-1 would be a wall 6553.6 km (4072 miles) tall. SHA-1 was
    intended to be incredibly stronger than MD5.

    - -- ...atom
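    The wall-height comparison above reduces to the birthday bound: a generic collision attack on an n-bit hash costs about 2^(n/2) operations, so a break that lowers the exponent shrinks the wall, and a longer digest raises it. The following Python is an added example, not from the post or the list; it recomputes the figures with the exponents the post uses (2^80 generic SHA-1, 2^69 for the claimed attack, 2^64 for MD5) and adds SHA-256's generic bound, which the post does not cover, for comparison.

```python
# Added example: recompute the "wall height" comparison from the post above.
# Wall height is proportional to the work needed to find a collision, measured
# in powers of two: 2^80 for unbroken SHA-1, 2^69 for the claimed attack, 2^64 for MD5.

def generic_collision_bits(digest_bits: int) -> int:
    """Birthday bound: a generic collision attack costs about 2^(n/2) for an n-bit digest."""
    return digest_bits // 2

def wall_height_m(reference_bits: int, work_bits: int, reference_m: float = 100.0) -> float:
    """Scale a reference wall (default 100 m) by the ratio 2^work_bits / 2^reference_bits."""
    return reference_m * 2.0 ** (work_bits - reference_bits)

def describe(height_m: float) -> str:
    """Format a height in cm, m or km with the imperial equivalent in parentheses."""
    if height_m < 1.0:
        return f"{height_m * 100:.1f} cm ({height_m / 0.0254:.1f} in)"
    if height_m < 1000.0:
        return f"{height_m:.1f} m ({height_m / 0.3048:.0f} ft)"
    return f"{height_m / 1000:.1f} km ({height_m / 1609.344:.2f} miles)"

# Work exponents used in the post; the SHA-256 entry is added here (generic bound only).
WORK_BITS = {
    "MD5 (generic, 128-bit)": generic_collision_bits(128),      # 2^64
    "SHA-1 (generic, 160-bit)": generic_collision_bits(160),    # 2^80
    "SHA-1 (claimed attack)": 69,                               # 2^69, from the post
    "SHA-256 (generic, 256-bit)": generic_collision_bits(256),  # 2^128
}

def compare_all(reference: str) -> dict:
    """Wall height of every entry when the given reference algorithm is the 100 m wall."""
    ref = WORK_BITS[reference]
    return {name: wall_height_m(ref, bits) for name, bits in WORK_BITS.items()}

if __name__ == "__main__":
    for reference in ("SHA-1 (generic, 160-bit)", "MD5 (generic, 128-bit)"):
        print(f"Reference: {reference} = 100 m")
        for name, height in compare_all(reference).items():
            print(f"  {name:28s} {describe(height)}")
```

    The exponents model only the number of operations in a generic or claimed attack, so the scale ranks algorithms against each other rather than pricing a real attack.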

  6. Re:What about GPG? by papercut2a · · Score: 5, Informative

    IIRC, GPG already allows SHA-256 and SHA-512, but doesn't default to them.

  7. Re:What about GPG? by papercut2a · · Score: 5, Informative

    Just to confirm, GPG 1.4 DOES support the more-bits versions of SHA. Run GPG with the --version parameter to get something like this for your copy:

    Supported algorithms:
    Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
    Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
  8. Re:Not a solution by Anonymous Coward · · Score: 5, Informative

    As it turns out PGP (well, GPG) already has support for RIPEMD160 built in to it. To use this:
    gpg --clearsign --digest-algo RIPEMD160 foo.txt

    gpg -b --armor --digest-algo RIPEMD160 foo.tar.gz

    (First one: clear signature; second one: detached signature)