Slashdot Mirror


New, Faster Attack against SHA-1 Revealed

VxSote writes "According to Bruce Schneier's blog, a team of Chinese cryptographers has announced new results against SHA-1 that speed up the time required to find collisions compared to their previously published attack. Schneier says that a SHA-1 collision search is now 'squarely in the realm of feasibility,' and that further improvements are expected."

4 of 298 comments

  1. It's an insurmountable problem. by Sheetrock · Score: 0, Troll
    Hash algorithms (or #algo in compsci parlance) quite naturally represent duplicable checksums of different source materials because you're rendering large variable-width data as small fixed-width data. That's why the results are often called "fingerprints", which are themselves only mostly reliable, and not "DNA".

    The problem is that these algorithms rely on external characteristics of the data sources and render them to a short description. Indeed, a "DNA" approach would look at what makes up the files (binary) rather than the obvious (ASCII characters) and create a profile that could only match that file.

    This has been less than practical to this point because of a difference in file formats and transfer protocols. Anybody who uses FTP can attest to how easy it is to transfer binary when you mean ASCII and vice versa, and newline characters and little-endian/big-endian conversions make developing a DNA standard for file comparison difficult at best.

    But I think that we're quickly reaching a point where standard fingerprint checksums are running out of usefulness.

    --

    Try not. Do or do not, there is no try.
    -- Dr. Spock, stardate 2822-3.




  2. Sorry, no proof? by statemachine · Score: 0, Troll

    Even the greats like Bruce can get hoaxed.

    This Chinese research team has yet to publish their proof for the last SHA attacks. Or maybe I missed it? Please show everyone the proof. I honestly want to be able to read the proof. Links, please.

    If it's real, withholding information on these attack vectors doesn't make it any safer for the rest of us who use SHA or any other algorithm.

  3. Re:Visa problems for the authors by DNS-and-BIND · Score: 0, Troll
    Yeah, because their interest in breaking American government ciphers is purely academic, and will never, ever be used by the CCP. Maybe it would have also helped if they had applied for the visa in time.

    Visas are a two-way street, you know. I've had plenty of problems obtaining the proper visa to enter China, only people don't write blog posts about it and imply it's due to some sinister conspiracy. Also, in the typical ignorant, Western-centric viewpoint, you point to a weblog that is blocked by the Great Firewall of China (don't feel special, all of blogspot.com is blocked). So Wang Xiaoyun and Yu Hongbo (their correct names before being Westernized) can't view your post, due to the censorship of the government for which they break ciphers.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  4. Re:Simple new hash function by m50d · Score: 0, Troll

    Please for god's sake stop modding this stupid stupid idea up.

    --
    I am trolling