Slashdot Mirror

← Back to Stories (view on slashdot.org)

SHA-1 Collisions for Meaningful Messages

Posted by ryuzaki0 on from the well-this-isn't-very-helpful dept.

mrogers writes "Following on the heels of last year's collision search attack against SHA-1, researchers at the Crypto 2006 conference have announced a new attack that allows the attacker to choose part of the colliding messages. "Using the new method, it is possible, for example, to produce two HTML documents with a long nonsense part after the closing </html> tag, which, despite slight differences in the HTML part, thanks to the adapted appendage have the same hash value." A similar attack against MD5 was announced last year."

3 of 128 comments (clear)

  1. yeah... nonsense by macadamia_harold · · Score: 5, Funny

    Using the new method, it is possible, for example, to produce two HTML documents with a long nonsense part

    To achieve this, the method uses material pulled from myspace.com.

    --
    Push Button, Receive Bacon
  2. NO SHA-1 COLLISIONS HAVE EVER BEEN FOUND by SiliconEntity · · Score: 5, Informative

    NO SHA-1 COLLISIONS HAVE EVER BEEN FOUND!

    Ahem.

    Sorry, my caps lock key got stuck there.

    No SHA-1 collisions have ever been found. The first person or group to find one will achieve considerable fame. I say this as an attendee of both last week's Crypto conference and the immediately following hash function workshop.

    The work factor estimated for a SHA-1 collision is something over 2^60 cycles. That would put it on par with the biggest calculations that have ever been done (publicly anyway). So far nobody has put together a sufficient effort to achieve a collision.

    At the hash function workshop, cryptographer Antoine Joux published a set of recommendations for how such a hash collision effort should be mounted, in order to minimize the damaged from a published collision. The main goal is to make it difficult to take a published collision and use it to create harmful effects in various ways. Hopefully Joux's guidelines will be followed if and when a SHA-1 collision finding project gets started.

  3. Insecure by zlogic · · Score: 5, Informative

    SHA-1 was proved to have insecurities years ago. Because of that SHA-2 ("SHA-256", "SHA-384", and "SHA-512") was released back in 2001 as a better version of SHA-1. SHA-2 was tested and no insecurities were found (yet). What's more, SHA-2 is now the official US standard.
    Complaining that SHA-1 is insecure is like complaining that Windows 98 is insecure.
    Oblig Wikipedia link: http://en.wikipedia.org/wiki/SHA_hash_functions