SHA1 broken (8)

1 Name: !WAHa.06x36 05/02/16(Wed)11:34 ID:MiGvi9OW

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

Fuck. This doesn't seem like a very practical break, but it is enough that a lot of code that relies on SHA-1 will have to be rewritten to use another hash function, and we're running out of trustworthy candidates.

A practical example of the problem: Share uses SHA-1 hashes to identify files. If you can generate a collision in SHA-1, you can create two different files that have the same Share hash, and Share won't be able to tell the difference between them. In the worst case, you create a file that has the same hash as a real one, and poison the network with it.

Well, we'll see how bad it really is when the paper gets officially released.

2 Name: 4 05/02/16(Wed)13:35 ID:qX/Wlmnr

Doesnt share also rely on filename, filesize etc? Whats the chances of getting a hash thats the same filesize and the same hash but being different data?

3 Name: !WAHa.06x36 05/02/16(Wed)13:40 ID:MiGvi9OW

Matching the file size is probably trivial.

That said, this attack doesn't let you find a matching hash for any given file. It only lets you create two different files with the same hash. And the work involved is still too big for anyone without huge processing power. However, further attacks may be discovered, and SHA-1 is definitely no longer trusted.

5 Name: !WAHa.06x36 05/02/20(Sun)01:55 ID:dTU3xCXx

http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

Some more writing on this. I like this bit (SHA-1 is an NSA-developed algorithm, and the NSA are infamously tight-lipped about what they know about cryptography, but it's generally accepted that they're years ahead of the rest of the academic world):

> Additionally, algorithms from the NSA are considered a sort of alien technology: they come from a superior race with no explanations. Any successful cryptanalysis against an NSA algorithm is an interesting data point in the eternal question of how good they really are in there.

6 Name: !WAHa.06x36 2005-08-19 09:01 ID:wAzuMO9N

http://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html

The same attack has been improved, as expected. The complexity is now under 2^64, which means it is now possible to perform it in practice. Even more improvements are expected.

7 Name: Furi!EuK0M02kkg 2005-08-20 00:24 ID:Heaven

2^63... wow.

Keeping things in perspective, though, we need to know just how useful the attack is, too. Correct me if I'm wrong, but you still need the two files to make sense, don't you? If I send you a letter that Eve intercepts and manages to make a working hash for, the letter is probably going to look like garbage now, right?

8 Name: !WAHa.06x36 2005-08-20 01:29 ID:wAzuMO9N

Oh, it's not even that kind of attack - that sort of thing could be pretty devastating. It's just a method to find two pieces of data with the same checksum. There are very few applications which are vulnerable to this kind of break, but it's casting a lot of doubt on the algorithm overall, because this kind of thing shouldn't be possible. Well, not in less than 2^(N/2), that is, 2^80 time.

This thread has been closed. You cannot post in this thread any longer.