| |
Schneier on Security: SHA-1 Broken
by Decius at 12:27 am EST, Feb 16, 2005 |
] SHA-1 has been broken. Not a reduced-round version. Not a
] simplified version. The real thing. Oh Fuck. |
| |
RE: Schneier on Security: SHA-1 Broken
by Elonka at 12:09 pm EST, Feb 16, 2005 |
Decius wrote:
] ] SHA-1 has been broken. Not a reduced-round version. Not a
] ] simplified version. The real thing. Well, "Broken" is relative. I'd instead use the term "somewhat weaker than expected". From what I'm reading, the old chances of collision were 2^80, and now with the "break" they've been reduced to only 2^69. Still pretty hefty. Lots of good discussion on this at Slashdot: http://it.slashdot.org/comments.pl?sid=139602 |
|
| | |
RE: Schneier on Security: SHA-1 Broken
by Decius at 2:40 pm EST, Feb 16, 2005 |
Elonka wrote:
] Decius wrote:
] ] ] SHA-1 has been broken. Not a reduced-round version. Not a
] ] ] simplified version. The real thing.
]
] Well, "Broken" is relative. I'd instead use the term
] "somewhat weaker than expected". From what I'm reading, the
] old chances of collision were 2^80, and now with the "break"
] they've been reduced to only 2^69. Still pretty hefty. Well, broken is relative, but it is a fundamental attack on a full implementation of the algorithm. In academic terms at least its considered broken because it does not provide the properties its supposed to provide even in the best case. In practical terms the implications strongly depend on your application and threat model. Cracking DES is a 2^56 order operation and it could be done for about $100,000 in 1998. 2^69 is significantly harder, but significantly less difficult then 2^80, which was already starting to look a little shallow (hence SHA-256 and SHA-512 being bandied about in the last few years). In retrospect, its possible the NIST announcement I posted wasn't actually a pre-warning but rather a commentary on the weakness of 2^80 hashes. 2010 is what they said... So for certain well funded adversaries they can produce SHA1 hashes fairly rapidly, but where does this matter? Primarily in places where long term data integrity is required. Integrity of real time network protocols is much less likely to be implicated because doing this kind of cracking in real time is usually going to be unreasonable. This isn't going to result in a bunch of practical attacks right away, but its time to move to another algorithm. |
|
| | | |
RE: Schneier on Security: SHA-1 Broken
by bucy at 11:26 pm EST, Feb 16, 2005 |
Decius wrote: ] This isn't going to result in a bunch of practical attacks
] right away, but its time to move to another algorithm. I may have heard some mumbling that the entire class of hashes
built on "iterated compression functions" is suspect at this point. Whirlpool, on the other hand, is based on the Rijndael transformation: http://www.memestreams.net/thread/bid14922/ |
|
Schneier on Security: SHA-1 Broken
by bucy at 11:36 pm EST, Feb 15, 2005 |
] SHA-1 has been broken. Not a reduced-round version. Not a
] simplified version. The real thing. Yow! |
Schneier on Security: SHA-1 Broken
by Acidus at 12:33 am EST, Feb 16, 2005 |
] SHA-1 has been broken. Not a reduced-round version. Not a
] simplified version. The real thing. All your digital signatures are belong to us. You have no chance to survive make new keys. (well, not really new keys, but you get the drift) |
Microsoft HOWTO: t3W b3 th3 k3wl3zT eV4R!
by Dagmar at 1:49 pm EST, Feb 17, 2005 |
Just when you thought it couldn't get any weirder, Microsoft has produced documentation on translating and writing 'leetspeak'. OMG Th3Y aR3 0nT0 uz N0\/\/!@#$@!@!$$ |
There are redundant posts not displayed in this view from the following users: Rattle, lclough, SeriouslyUGuys.
|
|
