Re: Now that SHA-1 is cracked...


From: Matt Gibson (mattg_at_blueedgetech.ca)
Date: 02/22/05


Date: Mon, 21 Feb 2005 20:14:04 -0800

Galen,

There are a few things that should be said on all these "SHA-1 is cracked"
sites that rarely are.

A) No one has seen this paper that claims to have found a collision in SHA-1
in less than brute force attempts. It has not been released to the public,
so no members of the crypto community have had a chance to review it.

B) In the 2-3 page abstract from this paper, they state that their collision
was found without the padding needed by SHA-1. So this may not be of any
real world use, as all (that I know of) SHA-1 implementations use padding
(as they're supposed to), and this attack may not work against padded
implementations.

C) Say the paper is right, and they can now break SHA-1 in ~2^53 attempts.
What does this mean to most people? Nothing. With these attacks, you
cannot just get "I will give you 1 million dollars" to "I will give you 10
million dollars". You'd have a better chance of getting "09sdfkj3uih3wi8"
to hash to the same value.

This is a prime example of how the media (and the uninformed tech community)
spreads FUD.

Matt Gibson - GSEC

"Galen" <galennews@gmail.com> wrote in message
news:e4RayUHGFHA.560@TK2MSFTNGP15.phx.gbl...
> In news:u5NlDBFGFHA.1084@tk2msftngp13.phx.gbl,
> Matt Gibson <mattg@blueedgetech.ca> had this to say:
>
>
>> SHA-1 Is not "Cracked"
>>
>> Read before you panic and spread FUD.
>>
>> Matt Gibson - GSEC
>
> From Google:
>
> SHA-1 cracked!:
> http://www.techspot.com/story17011.html
>
> Perhaps the OP has been reading the news?
>
> Galen
> --
>
> "My mind rebels at stagnation. Give me problems, give me work, give me
> the most abstruse cryptogram or the most intricate analysis, and I am
> in my own proper atmosphere. I can dispense then with artificial
> stimulants. But I abhor the dull routine of existence. I crave for
> mental exaltation." -- Sherlock Holmes
>
>


