FYI: SHA-1 has been broken by the darn Chinese. Slashdot posted an article, which links to other articles. This affects everything from PHP's sha1() to IPsec and WEP (wireless encryption). Big security problem!

This brings up a good question, what's better? If I understand right, SHA-1 was a replacement for MD5.

    SHA-1 is not a replacement for MD5, but a different algorithm for the same purpose: Hashing.
    As no details about the attack are posted yet we all should be very careful not to panic.

    According to Bruce Schneier, the attack still needs 2^69 hash operations to calculate a hash, as opposed to 2^80 operations in an "unbroken" SHA-1.

    That is still a lot of work.

    If the attack should be verified, SHA-1 might be dead when it comes to digital signatures and other things. For hashed passwords... you're still on a somewhat safe side (my personal current opinion).

    [edit]
    I should add that the proposed attack appears to be a collision attack. That means after said 2^69 operations you would come up with another stream of data that results in the same SHA-1 hash.

    From an educated guess I'd say that this will most likely be a random string and the attacker will not have any control over the content of the colliding string.

    The attack seems to be useless for means of "decrypting" a hashed password, although you might argue that this attack might open the door to other attacks that can do this - time will tell.
    [/edit]

    However, I for one will be watching the progress of this. First of all it has to be verified by other cryptanalysts. Then we'll see what the real implications are.

    BTW, using an HMAC scheme with SHA-1 should still be perfectly safe; collisions aren't an issue here.

    So: Relax, read the news, learn about HMAC.

    Regards,
    Sal-
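As an added illustration (not code from this thread), here is the HMAC construction Sal points to, written out from RFC 2104 in Python rather than taken from the `hmac` module, so the keyed inner and outer hashing is visible. The 64-byte block size is that of SHA-1 and SHA-256; the key and message below are constructed test values.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # input block size in bytes for SHA-1 and SHA-256


def hmac_digest(key: bytes, msg: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC per RFC 2104: H((K xor opad) || H((K xor ipad) || msg)).

    The attacker never sees the keyed inner/outer inputs, which is why a
    plain collision attack on the hash does not translate into a forged tag.
    """
    h = getattr(hashlib, hash_name)
    if len(key) > BLOCK_SIZE:          # long keys are hashed down first
        key = h(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")  # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = h(ipad + msg).digest()
    return h(opad + inner).digest()


def verify_tag(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha1") -> bool:
    """Constant-time check of a received tag against a freshly computed one."""
    return hmac.compare_digest(hmac_digest(key, msg, hash_name), tag)


if __name__ == "__main__":
    key = b"\x0b" * 20            # RFC 2202 / RFC 4231 test-case-1 key (constructed input)
    msg = b"Hi There"
    tag = hmac_digest(key, msg)
    print("HMAC-SHA1  :", tag.hex())
    print("HMAC-SHA256:", hmac_digest(key, msg, "sha256").hex())
    print("valid tag  :", verify_tag(key, msg, tag))
    print("tampered   :", verify_tag(key, msg + b"!", tag))
```

Switching `hash_name` to `"sha256"` is the migration path mentioned later in the thread; the construction itself is unchanged.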

      Originally posted by rpanning
      WEP (wireless encryption). Big security problem!

      It has already been proven that WEP is insecure and shouldn't be used anyway. It's a complete waste of CPU cycles

        Originally posted by piersk
        It has already been proven that WEP is insecure and shouldn't be used anyway. It's a complete waste of CPU cycles

        Hence why I use MAC filtering. Sure, someone can sniff the traffic and impersonate one of my MAC IDs. And then get access to all of my wonderfully un-shared computers with nothing on them.

        I guess if I were REALLY nuts I'd toss a proxy server in the middle and require its use to access the internet. But that's a little crazy for a 5-machine home network 🙂

          Most modern wireless APs/routers etc. have the option to hide the SSID, which I also do. It adds that little bit of extra protection.

            OK, so it doesn't seem to be that big of a deal in the web applications area? I've been using md5() for all of my passwords, etc. Should I be using sha1() instead? I didn't realize sha1() was the primary choice after md5() was broken.

              OK, so it doesn't seem to be that big of a deal in the web applications area.

              Well, it looks like the results were only for collisions, not pre-image attacks, so your passwords should still be reasonably safe, if they are reasonably strong to begin with.

              The attacks against MD5 are also collision attacks, but you should have been using SHA1 anyway.

              I think Schneier has tried to bring up the topic of a hash equivalent of the AES before (after CRYPTO2004), looks like such a suggestion was very much justified, but also rather late.

                FYI - Just more news about the SHA-1 crack.

                From Slashdot: More on Newly Broken SHA-1
                Details are out about the reported broken SHA-1 hash function. The findings are that SHA-1 is not collision free and can be broken in 2^69 attempts instead of 2^80. This is about 2000 times faster. With today's computing power and Moore's Law, a SHA-1 hash does not last too long. Using a modified DES Cracker, for the small sum of up to $38M, SHA-1 can be broken in 56 hours with current computing power. In 18 months, the cost should go down by half. Jon Callas, PGP's CTO, put it best: 'It's time to walk, but not run, to the fire exits. You don't see smoke, but the fire alarms have gone off.' As Schneier suggests, 'It's time for us all to migrate away from SHA-1.' Alternatives include SHA-256 and SHA-512.
