SHA-1 Collisions for Meaningful Messages
mrogers writes "Following on the heels of last year's collision search attack against SHA-1, researchers at the Crypto 2006 conference have announced a new attack that allows the attacker to choose part of the colliding messages. "Using the new method, it is possible, for example, to produce two HTML documents with a long nonsense part after the closing </html> tag, which, despite slight differences in the HTML part, thanks to the adapted appendage have the same hash value." A similar attack against MD5 was announced last year."
Where's the "Correct filesize" kept? If it's stored in the document, it's still possible (though more difficult) to change it and make a collision.
One thing is that cryptographic hash functions should be easier to make secure than ciphers. At least that is what many cryptographers thought. The other is that up to now you could rely on SHA-1 to be collision resistant, no matter what. The argument that you have a large part of the message being "garbage" does not give any real security. Many, many applications can still be attacked, and they need not even be broken for that.
While expected since last year, selecting and using crypto-hashes just got a lot more difficult and error prone.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I have to say, trusting SHA-1 to do what it says on the tin is not incompetent. Naive, sure, but not incompetent.
The problem is that your old keys and the messages they encrypted are available for cracking now and forever. Most people only encrypt important messages, which are easy to look for in a mailbox, and at a later time could be easy to crack. There's probably even a good chance the data in that mail could still be important.
Now, if all emails were encrypted, it would be harder to immediately see what messages in a mailbox deserve your attention. But then at a later date CPU speed may make that a negligible difference.
"Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
Even if you find that set, you still haven't overcome the hardest thing to do: having it be real malicious code. Because, well, it's hell to do a SHA-1 collision, and it's even more of a hell to do it with code that is meant to do anything usable and not just random crap.
In cases of verification (rather than security) isn't more specificity better? I'd agree that double-hashing something like a secret password causes a loss of security, but if you're double-hashing a file to verify its contents, more specificity means it's harder to get a match by garbage-packing.
I really am asking-- I'm not all that up on the guts-and-wherefores of encryption/hashing, and I've wondered about this question as well.
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
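Editor's added example, not part of the summary, any comment, or the researchers' work: the property the summary describes (a collision hidden in an "appendage" after the closing tag that survives whatever comes after it) and the double-hashing question above both follow from the Merkle-Damgard structure that SHA-1 shares with MD5. A real SHA-1 collision cannot be computed here, so the script uses a constructed toy hash with the same shape (IV, chained compression over fixed-size blocks, length-strengthening padding) but a 24-bit chaining value, so a plain birthday search over the appendage block finishes in well under a second. The two HTML prefixes, the 8-byte block size, the SHA-256-based compression step and the trailing junk are all assumptions made up for the example; nothing about the actual 2006 attack's internals is claimed. What it shows: once the chaining values agree after the appendage, any common suffix keeps the collision, hashing the hash again (H(H(a)) == H(H(b))) changes nothing, and both documents have the same length, so a stored filesize does not help either.

```python
import hashlib
import struct

# Constructed toy Merkle-Damgard hash for illustration only: NOT SHA-1.
# Same shape as SHA-1 (IV, chained compression over fixed-size blocks,
# length-strengthening padding) but with a 24-bit chaining value so that a
# birthday search for colliding appendage blocks finishes in well under a second.
BLOCK = 8           # bytes per message block (assumed for the toy)
STATE_BYTES = 3     # 24-bit chaining value (assumed for the toy)
IV = b"\x00" * STATE_BYTES


def compress(state: bytes, block: bytes) -> bytes:
    """One compression step: mix the chaining value with one message block."""
    assert len(state) == STATE_BYTES and len(block) == BLOCK
    return hashlib.sha256(state + block).digest()[:STATE_BYTES]


def pad(msg: bytes) -> bytes:
    """Merkle-Damgard strengthening: 0x80, zero fill, then the 64-bit bit length."""
    padded = msg + b"\x80"
    while (len(padded) + 8) % BLOCK:
        padded += b"\x00"
    return padded + struct.pack(">Q", len(msg) * 8)


def absorb(state: bytes, data: bytes) -> bytes:
    """Run the compression function over block-aligned data, returning the new state."""
    assert len(data) % BLOCK == 0
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state


def toy_hash(msg: bytes) -> bytes:
    """Full hash: pad, then absorb from the IV."""
    return absorb(IV, pad(msg))


def find_colliding_appendages(prefix_a: bytes, prefix_b: bytes,
                              table_size: int = 1 << 14) -> tuple:
    """Find blocks X, Y such that state(prefix_a + X) == state(prefix_b + Y).

    Birthday search on the 24-bit chaining value: tabulate the states reachable
    from prefix_a with one block, then walk candidate blocks after prefix_b until
    one lands in the table. From that point on the two chains are identical, so
    anything appended to both afterwards hashes the same.
    """
    state_a = absorb(IV, prefix_a)
    state_b = absorb(IV, prefix_b)
    seen = {}
    for i in range(table_size):
        blk = i.to_bytes(BLOCK, "big")
        seen.setdefault(compress(state_a, blk), blk)
    j = 0
    while True:
        blk = j.to_bytes(BLOCK, "big")
        state = compress(state_b, blk)
        if state in seen:
            return seen[state], blk
        j += 1


def build_colliding_documents(prefix_a: bytes, prefix_b: bytes,
                              junk: bytes = b"\x00" * 64) -> tuple:
    """Two documents: slightly different HTML, adapted appendage, identical junk."""
    app_a, app_b = find_colliding_appendages(prefix_a, prefix_b)
    return prefix_a + app_a + junk, prefix_b + app_b + junk


# Constructed sample prefixes (24 bytes each, block-aligned) differing in one byte.
PREFIX_A = b"<html><p>$100</p></html>"
PREFIX_B = b"<html><p>$900</p></html>"

if __name__ == "__main__":
    doc_a, doc_b = build_colliding_documents(PREFIX_A, PREFIX_B)
    print("lengths equal:     ", len(doc_a) == len(doc_b))
    print("hashes equal:      ", toy_hash(doc_a) == toy_hash(doc_b))
    print("double hash equal: ", toy_hash(toy_hash(doc_a)) == toy_hash(toy_hash(doc_b)))
    print("with extra suffix: ", toy_hash(doc_a + b"<!-- -->") == toy_hash(doc_b + b"<!-- -->"))
```

The only thing separating this toy from the real attack is the cost of making the chaining values meet: here it is a 2^12-ish birthday search, for SHA-1 it is the differential cryptanalysis the researchers announced. Everything downstream of that meeting point, the common suffix, the second hash pass and the equal lengths, is structural and does not depend on the hash being weak, which is why garbage-packing, double-hashing and size checks buy nothing once a collision exists.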
I think the key point is this:
No SHA1 collisions have ever been published
whether or not they have been found is a different matter entirely.