Slashdot Mirror


New, Faster Attack against SHA-1 Revealed

VxSote writes "According to Bruce Schneier's blog, a team of Chinese cryptographers has announced new results against SHA-1 that speed up the time required to find collisions compared to their previously published attack. Schneier says that a SHA-1 collision search is now 'squarely in the realm of feasibility,' and that further improvements are expected."

30 of 298 comments

  1. Is that the attack... by RevDobbs · · Score: 5, Funny

    Is that the same attack the Chinese exchange student used in Lineage II?

    1. Re:Is that the attack... by Anonymous Coward · · Score: 2, Funny

      ...that speed up the time required to find collisions...

      They sped up time? Impressive!

    2. Re:Is that the attack... by Omnieiunium · · Score: 2, Funny

      No, that was with two Level 68 Knights with Swords of Death.

    3. Re:Is that the attack... by isorox · · Score: 3, Funny

      They sped up time? Impressive!

      Not really. They moved, which meant that, relative to them, they sped up time for the rest of us!

    4. Re:Is that the attack... by Dwonis · · Score: 4, Funny
      Let's see if they're the same attack, by comparing the two files that Schneier has linked to in the last few weeks:

      $ sha1sum wang_sha1_v2.pdf sha1-crypto-auth-new-2-yao.pdf
      f4489045822c1940a371c87d7d54cfca5fedd6f7  wang_sha1_v2.pdf
      f4489045822c1940a371c87d7d54cfca5fedd6f7  sha1-crypto-auth-new-2-yao.pdf

      So it's the same attack.

      Oh, wait...

  2. The world is collapsing around me! by frinkacheese · · Score: 5, Funny

    Next there will be massive ASIC machines crunching your PGP ciphertext and nobody will be able to prove anything until Lt Cmdr Data comes up with another Fractal Encryption algorithm that even the Borg cannot break.

  3. oh God bless them, those kooky spookies by peculiarmethod · · Score: 4, Funny

    I repeat the saying I've heard comes from inside the NSA: "Attacks always get better; they never get worse."

    And THAT kind of forward thinking, gentlemen, is why we're number one over here in the good ol' U.S. of A. So glad we spend money in all the right places.

    --
    ** "It's not my job to stand between the people talking to me, and the ones listening to me." -- Pego the Jerk
    1. Re:oh God bless them, those kooky spookies by tool462 · · Score: 1, Funny

      Yeah, well us 'mericans invented the Navajo cipher, so there! /Tongue planted firmly in cheek

    2. Re:oh God bless them, those kooky spookies by andreyw · · Score: 2, Funny

      That didn't do what you think it did. You just wiped out your cheek.

  4. Big deal by That's+Unpossible! · · Score: 5, Funny

    All they did was look for a near-collision differential path which has low Hamming weight in the "disturbance vector" where each 1-bit represents a 6-step local collision. Then they simply adjusted the differential path in the first round to another possible differential path so as to avoid impossible consecutive local collisions and truncated local collisions. Then obviously the final step taken was to transform two one-block near-collision differential paths into a two-block collision differential path with twice the search complexity.

    Duh...

    --
    Ironically, the word ironically is often used incorrectly.
    1. Re:Big deal by Rocky1138 · · Score: 1, Funny

      Yeah, what he said.

    2. Re:Big deal by MikeB90 · · Score: 2, Funny

      He's right. This is really straightforward and intuitively obvious. Nothing to learn here folks, move along

    3. Re:Big deal by Krach42 · · Score: 1, Funny

      You lost me at "All they did was..."

      --

      I am unamerican, and proud of it!
    4. Re:Big deal by Jeff+DeMaagd · · Score: 3, Funny

      Yeah. It would have only been hard if they also had to deal with invariant -manifolds.

    5. Re:Big deal by gardyloo · · Score: 4, Funny

      You forgot to add a link to where he describes this process and how he derived it. A fascinating read, really.

      Not Found
      The requested URL /blog/archives/2005/08/new_cryptanalyt_details.html was not found on this server.


          Oh, yes, I've just wet my pants with excitement.

    6. Re:Big deal by gardyloo · · Score: 5, Funny

      Invariant manifolds? You were lucky! We dreamed of invariant manifolds. We had to make do with symplectic diffeomorphisms of the torus, what with its four fixed points, you know, assuming that the eigenvalues of the Jacobi matrix are not equal to minus unity at any point... and we liked it.

    7. Re:Big deal by quanticle · · Score: 2, Funny

      But did they use a flux capacitor?

      --
      We all know what to do, but we don't know how to get re-elected once we have done it
  5. Now can we panic? by John.P.Jones · · Score: 4, Funny
    Alas poor SHA-1, I knew him...

    Okay so we still have SHA-256 and SHA-512 but can we really feel good about them?

    Wanted: One reliable hash...

    1. Re:Now can we panic? by MightyMartian · · Score: 4, Funny

      Commit everything to memory, keep a cyanide pill close by and hope like hell that that crazy guy with the tinfoil hat is wrong.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:Now can we panic? by kihjin · · Score: 2, Funny

      Wanted: One reliable hash...

      I know of one. It has a problem with snack collisions though... or rather, the user has a problem with snack collisions. ;)

      --
      This slashdot-related signature is a stub. You can help kihjin by expanding it.
    3. Re:Now can we panic? by chrysrobyn · · Score: 2, Funny

      Commit everything to memory, keep a cyanide pill close by and hope like hell that that crazy guy with the tinfoil hat is wrong.

      Buddy, if you're keeping that cyanide pill close by, the guy with the tinfoil hat isn't the only crazy one. You might as well label yourself correctly and put your own tinfoil hat on.

  6. i'll never understand why... by mashedpatatas · · Score: 1, Funny

    I think it's human nature to just look for fault in others' work (in this case, a crypto algorithm)... but wouldn't it be more sensible if they spent their brilliance on creating a stronger algorithm rather than proving and finding weaknesses in somebody else's work?

    1. Re:i'll never understand why... by Hack+Jandy · · Score: 4, Funny

      I'd rather the NSA found the exploits...

      The NSA did this six years ago. Just pick up any phone and ask them.

      HJ

  7. Security by bredk · · Score: 5, Funny

    I've just changed away from using SHA-1. Double ROT13 seems most appealing these days. ;)

    --
    http://slashdot.su/
    1. Re:Security by jaseparlo · · Score: 2, Funny

      Hmm, was that message Double Rot13 encrypted? If that's the case, I fear I have violated the DMCA by reading it.

      --
      All available data suggest that regardless of any of this, the sun will still come up tomorrow.
    2. Re:Security by CRCulver · · Score: 5, Funny

      SHA-1 isn't a cipher, it's a hash algorithm. Therefore, it has nothing to do with encryption (like ROT13), but with authentication. Sorry to ruin your little joke, which has become a tired amusement lamely presented in every new Slashdot story on cryptography.

    3. Re:Security by cpeikert · · Score: 5, Funny

      Wait a minute, you don't sound sorry at all!

  8. Re:Crypto is an evolutionary process by dreamer-of-rules · · Score: 2, Funny

    Yeah, yeah. I'm happy that these people are working tirelessly to find flaws in encryption algorithms in common use and publish the results. After all, I'd hate to think that some criminals got ahead of the good guys in compromising SHA.

    / minor sarcasm-- could you tell? // "He who can destroy a thing, controls that thing."

    --
    Everyone is entitled to his own opinions, but not his own facts.
  9. Dumb question by XorNand · · Score: 2, Funny

    Let's say I take a binary file and I grab both its MD5 and SHA1 hashes. I then combine the output of those two into one really long string. Then I take the SHA1 hash of that string. How secure is this?

    --
    Entrepreneur : (noun), French for "unemployed"
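
The construction asked about above, SHA1(MD5(file) + SHA1(file)), as an added example that is not part of the comment or the thread. It shows that the result is still one 160-bit SHA-1 digest, so a generic birthday search against the final output costs about 2^(n/2) for an n-bit output no matter how long the inner string is. The 24-bit truncation and the sample messages are assumptions chosen so the search finishes in seconds.

```python
import hashlib
from itertools import count

OUT_BITS = 160  # size of the outer SHA-1 digest, in bits


def combined(data: bytes) -> bytes:
    """SHA1 over the hex MD5 and hex SHA-1 of the data, joined into one string."""
    inner = hashlib.md5(data).hexdigest() + hashlib.sha1(data).hexdigest()
    return hashlib.sha1(inner.encode("ascii")).digest()


def truncated(data: bytes, bits: int) -> int:
    """Top `bits` bits of combined(); a toy stand-in for the full 160-bit output."""
    return int.from_bytes(combined(data), "big") >> (OUT_BITS - bits)


def birthday_collision(bits: int):
    """Generic birthday search on the truncated output.

    Returns (first_message, second_message, number_of_messages_hashed).
    The messages are constructed sample inputs, not real files.
    """
    seen = {}
    for tries in count(1):
        msg = b"constructed-sample-%d" % tries
        tag = truncated(msg, bits)
        if tag in seen:
            return seen[tag], msg, tries
        seen[tag] = msg


if __name__ == "__main__":
    bits = 24
    a, b, tries = birthday_collision(bits)
    print(f"{bits}-bit collision after {tries} messages (2^{bits // 2} = {2 ** (bits // 2)})")
    print("inner MD5 equal:  ", hashlib.md5(a).digest() == hashlib.md5(b).digest())
    print("inner SHA-1 equal:", hashlib.sha1(a).digest() == hashlib.sha1(b).digest())
    print("output length in bytes:", len(combined(a)))
```

The two colliding messages have different inner MD5 and SHA-1 values: the collision happens in the outer hash, whose output length caps the collision resistance of the whole construction.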
  10. Re:Well that would assume a few things by bigberk · · Score: 2, Funny

    That's what we WANTED you to think!

    - NSA
    PS. pwned