bellwether | (no subject)

From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: cryptography@metzdowd.com
Subject: SHA-1 cracked
Date: Tue, 15 Feb 2005 23:29:43 -0500

According to Bruce Schneier's blog
(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a
team has found collisions in full SHA-1.  It's probably not a practical
threat today, since it takes 2^69 operations to do it and we haven't
heard claims that NSA et al. have built massively parallel hash
function collision finders, but it's an impressive achievement
nevertheless -- especially since it comes just a week after NIST stated
that there were no successful attacks on SHA-1.

This comes in the shadow of the SHA-0 collisions announced at CRYPTO '04. This means that it's 2048 times easier to come up with a piece of data which hashes to the same hash as a chosen piece of text. It doesn't mean that your banking sessions are insecure--not yet at any rate. It does mean we need to be looking for a replacement algorithm to use for digital signing.