SHA-1 Broken

Post by markl999 »

Just noticed this story over on Slashdot :o
'SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.'

Post by feyd »

haha... well it'd happen sooner or later.. :) time to move to 1024 bit! :)

Post by markl999 »

Back to ROT13 for me, so simple no one would think of trying it!

gura ntnva, znlor abg

Post by AGISB »

What those cryptoguys call broken ......

They apparently got a collision in fewer instances than what brute force required.

I don't consider finding any file that gives the same hash broken. To bring that to a use it probably needs quantum computers that don't exist yet.

So don't start replacing your password hash just now or as a matter of fact in the next decade ;)

Post by Roja »

Don't want to drag up an old topic, but I'd rather there be some solid info in case someone does..
AGISB wrote:I don't consider finding any file that gives the same hash broken. To bring that to a use it probably needs quantum computers that don't exist yet.
Not even remotely close to accurate.
Bruce Schneier wrote:If you hashed 2^80 random messages, you'd find one pair that hashed to the same value. That's the "brute force" way of finding collisions, and it depends solely on the length of the hash value. "Breaking" the hash function means being able to find collisions faster than that. And that's what the Chinese did.

They can find collisions in SHA-1 in 2^69 calculations, about 2,000 times faster than brute force.
Also..

Bruce Schneier wrote:In 1999, a group of cryptographers built a DES cracker. It was able to perform 2^56 DES operations in 56 hours. The machine cost $250K to build, although duplicates could be made in the $50K-$75K range. Extrapolating that machine using Moore's Law, a similar machine built today could perform 2^60 calculations in 56 hours, and 2^69 calculations in three and a quarter years. Or, a machine that cost $25M-$38M could do 2^69 calculations in the same 56 hours.
No quantum computers needed, no magically nonexistent computers. Before you jump on the "who has a 25 million dollar computer" wagon, please do keep in mind that attackers have been reported to have zombie bot-nets in excess of 2,000 computers - more than sufficient to meet the task today. And that's a script kiddie!

I'll let Jon and Bruce summarize:
Jon Callas wrote:Jon Callas, PGP's CTO, put it best: "It's time to walk, but not run, to the fire exits. You don't see smoke, but the fire alarms have gone off."
Bruce Schneier wrote:It's time for us all to migrate away from SHA-1.