
'SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.'
Not even remotely close to accurate.
AGISB wrote: I don't consider finding any file that gives the same hash broken. To bring that to a use it probably needs quantum computers that don't exist yet.
Also..
Bruce Schneier wrote: If you hashed 2^80 random messages, you'd find one pair that hashed to the same value. That's the "brute force" way of finding collisions, and it depends solely on the length of the hash value. "Breaking" the hash function means being able to find collisions faster than that. And that's what the Chinese did. They can find collisions in SHA-1 in 2^69 calculations, about 2,000 times faster than brute force.
No quantum computers needed, no magically non-existent computers. Before you jump on the "who has a 25 million dollar computer" wagon, please do keep in mind that attackers have been reported to have zombie bot-nets in excess of 2,000 computers - more than sufficient to meet the task today. And that's a script kiddie!
Bruce Schneier wrote: In 1999, a group of cryptographers built a DES cracker. It was able to perform 2^56 DES operations in 56 hours. The machine cost $250K to build, although duplicates could be made in the $50K-$75K range. Extrapolating that machine using Moore's Law, a similar machine built today could perform 2^60 calculations in 56 hours, and 2^69 calculations in three and a quarter years. Or, a machine that cost $25M-$38M could do 2^69 calculations in the same 56 hours.
Jon Callas wrote: Jon Callas, PGP's CTO, put it best: "It's time to walk, but not run, to the fire exits. You don't see smoke, but the fire alarms have gone off."
Bruce Schneier wrote: It's time for us all to migrate away from SHA-1.