[TriLUG] SHA-1(Secure Hash Algorithm) Broken

Sarat S slinuxgeek at gmail.com
Tue Feb 15 23:41:00 EST 2005


 Check this out: SHA-1(Secure Hash Algorithm) Broken. (Content from
Slashdot and then from Bruce Schneier's weblog).

Quoting the words of the Security expert, Bruce Schneier:
"SHA-1 has been broken. Not a reduced-round version. Not a simplified
version. The real thing.The research team of Xiaoyun Wang, Yiqun Lisa
Yin, and Hongbo Yu (mostly from Shandong University in China) have
been quietly circulating a paper announcing their results:

    * collisions in the the full SHA-1 in 2**69 hash operations, much
less than the brute-force attack of 2**80 operations based on the hash
length.
    * collisions in SHA-0 in 2**39 operations.
    * collisions in 58-round SHA-1 in 2**33 operations.

This attack builds on previous attacks on SHA-0 and SHA-1, and is a
major, major cryptanalytic result. It pretty much puts a bullet into
SHA-1 as a hash function for digital signatures (although it doesn't
affect applications such as HMAC where collisions aren't important).

The paper isn't generally available yet. At this point I can't tell if
the attack is real, but the paper looks good and this is a reputable
research team.

More details when I have them."



More information about the TriLUG mailing list