Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Storm brewing over SHA-1 as further breaks are found
Robert Lemos, SecurityFocus 2005-08-23

Three Chinese researchers have further refined an attack on the encryption standard frequently used to digitally sign documents, making the attack 64 times faster and leaving cryptographers to debate whether the standard, known as the Secure Hash Algorithm, should be phased out more quickly than planned.

Comments Mode:
Storm brewing over SHA-1 as further breaks are found 2005-08-23
Anonymous
I like that last line, but it would sound better if you said this:

"If you wait until the future (october) we can tell you more about the future then."

I have about 50 future sporting events that I would like to tell you who you should have bet on by October. Accuracy is guaranteed to be 100...

[ more ]  [ reply ]
Storm brewing over SHA-1 as further breaks are found 2005-08-25
RT (1 replies)
It's not clear that these findings necessitate a crash fix, at least for many purposes. For example, human-readable messages (e.g., email or documents) have context. It is unlikely that a second intelligible message with the same context and hash of the original could be devised. A human would ha...

[ more ]  [ reply ]
Unfortunately, not necessarily true. 2005-08-29
Roger (1 replies)
What RT is referring to is the fact the found collisions are basically random, with no structure controllable by the attacker. However, it has already been demonstrated how many document formats and message protocols allow this random "junk" to be hidden. The two documents look totally different nee...

[ more ]  [ reply ]
Re: Unfortunately, not necessarily true. 2005-09-04
Ramiro Rela
I agree with Roger, but the odds of finding such a subtle way to tamper a document are exremely low.

I would not say "you can see the cracks in the ceiling" just because they are quicker in finding two random documents whose hashes collide. That's far from finding a second document given the firs...

[ more ]  [ reply ]
Storm brewing over SHA-1 as further breaks are found 2005-09-04
catfish (1 replies)
Would it be safe to run both sha1 and md5? I assume they can't collide both at the same time?...

[ more ]  [ reply ]
Re: Storm brewing over SHA-1 as further breaks are found 2005-11-10
Anonymous
<I assume they can't collide both at the same time?>

I was thinking the same thing. Use two algorithyms.

Or do something like this. Hash the file, add the hash to the end of the file and hash it again.

I seems like you can't avoid collisions unless you make the hash codes bigger than the ...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus