Re: SHA1 encryption
From: Adam Machanic (amachanic_at_hotmail._removetoemail_.com)
Date: 02/17/05
- Next message: Adam Machanic: "Re: Problem with Stored Procedure Execution Plan"
- Previous message: aharris23: "ASP.NET Application - "SQL Server does not exist or access denied""
- In reply to: Steve Kass: "Re: SHA1 encryption"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 17 Feb 2005 09:11:38 -0500
Moore's Law :-)
Seriously, though, I agree with you, 2^69 is still al lot of combinations --
but it's a lot less than 2^80, and according to at least one other source I
read the fact that they were able to get it down to 2^69 might be an
indication that other flaws exist -- although that's merely conjecture.
-- Adam Machanic SQL Server MVP http://www.sqljunkies.com/weblog/amachanic -- "Steve Kass" <skass@drew.edu> wrote in message news:%23PKq%23RLFFHA.2832@TK2MSFTNGP14.phx.gbl... > Thanks, both for pointing out that SHA1 is not encryption, and > for posting the link. > > To add to what Adam posted, while that result is getting a lot > of attention, it doesn't mean SHA1 is "cracked," it just means > finding different messages with the same SHA1 hash is easier > than we thought. It might only take a warehouse full of computers > 20 years or so, instead of 20,000. I haven't seen the paper, but > some reports say that this result is just for finding same-hash > messages, and unless someone finds an algorithm for finding > a meaningful message with a specified hash, this is not a > concern for many applications. Even if this new algorithm > applies to the latter case, if it reduced the known "find a pair" > complexity from 2^80 to 2^69, it doesn't seem likely to reduce > the known "find a message with this hash" complexity below > maybe 2^138 or 2^149, from (if I recall right) the brute force > time of 2^160. > > No one is going to complete 2^138 computing operations in > any of our lifetimes, so SHA1 is hardly dead (for what it was > intended for, not for encryption!) until and unless a much more > significant reduction in complexity is found, if there is one. (A > (US) billion computers operating at 1 THz each would take > something like 11 trillion years to finish 2^138 operations. > That's hundreds of times the estimated lifetime of the universe.) > > SK > > > David Portas wrote: > > >SHA1 is a hash algorithm not an encryption algorithm > > > >There exist various third-party encryption products for SQL Server. You > >can Google for those in this group and elsewhere. > > > >Steve Kass posted an SHA1 implementation in TSQL here: > >http://groups.google.co.uk/groups?hl=en&lr=&selm=emOfNbWVEHA.2508%40TK2MSFT NGP12.phx.gbl > > > >.NET has a SHA1 class in the Cryptography namespace and that's probably > >a more convenient way to implement it than in the database. > > > > > >
- Next message: Adam Machanic: "Re: Problem with Stored Procedure Execution Plan"
- Previous message: aharris23: "ASP.NET Application - "SQL Server does not exist or access denied""
- In reply to: Steve Kass: "Re: SHA1 encryption"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
