Feb. 16th, 2005

bellwether: (Default)
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: cryptography@metzdowd.com
Subject: SHA-1 cracked
Date: Tue, 15 Feb 2005 23:29:43 -0500

According to Bruce Schneier's blog
(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a
team has found collisions in full SHA-1.  It's probably not a practical
threat today, since it takes 2^69 operations to do it and we haven't
heard claims that NSA et al. have built massively parallel hash
function collision finders, but it's an impressive achievement
nevertheless -- especially since it comes just a week after NIST stated
that there were no successful attacks on SHA-1.


This comes in the shadow of the SHA-0 collisions announced at CRYPTO '04. This means that it's 2048 times easier to come up with a piece of data which hashes to the same hash as a chosen piece of text. It doesn't mean that your banking sessions are insecure--not yet at any rate. It does mean we need to be looking for a replacement algorithm to use for digital signing.

Profile

bellwether: (Default)
bellwether

May 2009

S M T W T F S
     1 2
3456789
10111213141516
17181920212223
24252627282930
31      

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Jun. 11th, 2025 10:34 am
Powered by Dreamwidth Studios