About the Author

Chris Shiflett

Hi, I'm Chris, a web developer and a founding member of Analog. I live and work in Brooklyn, NY.


SHA-1 Broken

I just read on Bruce Schneier's blog that SHA-1 has been broken. Bruce states:

SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.

He continues:

This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn't affect applications such as HMAC where collisions aren't important).

This is a big deal.
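To make the distinction in Schneier's last quoted sentence concrete, here is an added example (not from the post or from Schneier's write-up). A real SHA-1 collision cost about 2^69 work at the time, so the code stands in for SHA-1 with a deliberately weak hash, SHA-1 truncated to 16 bits (`TOY_BYTES`), and then shows three things: a birthday search finds a colliding pair cheaply, a signature over the digest of one message verifies on the other, and the same pair does not collide under an HMAC keyed with a secret. The second-preimage search is included to show why "taking one known stream and finding a collision" costs far more than a free collision. The RSA parameters, messages and key are all constructed for the example.

```python
"""
Added example (not from the post or Schneier's write-up): why a
collision attack on a hash breaks hash-then-sign but does not carry
over to HMAC. Real SHA-1 collisions cost ~2^69 work and are not
computed here; instead the hash is SHA-1 truncated to 16 bits
(TOY_BYTES), a deliberately weak stand-in, so the attacks run in
milliseconds. All keys, messages and RSA parameters are constructed.
"""
import hashlib
import hmac
import itertools

TOY_BYTES = 2  # 16-bit digest: a birthday search needs ~2^8 hashes


def toy_hash(data: bytes) -> bytes:
    """Stand-in for a weak hash: SHA-1 truncated to TOY_BYTES."""
    return hashlib.sha1(data).digest()[:TOY_BYTES]


def find_collision(prefix: bytes = b"invoice-"):
    """Birthday search. The attacker chooses BOTH messages, so the
    expected cost is ~2^(n/2) hashes for an n-bit digest.
    Returns (m1, m2, hashes_tried)."""
    seen = {}
    for i in itertools.count():
        m = prefix + str(i).encode()
        h = toy_hash(m)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m


def find_second_preimage(target: bytes, prefix: bytes = b"forged-"):
    """Match a FIXED message someone else chose: ~2^n hashes, not
    2^(n/2). This is the attack the comments worry about, and it is
    not what a collision attack delivers. Returns (m, hashes_tried)."""
    want = toy_hash(target)
    for i in itertools.count(1):
        m = prefix + str(i).encode()
        if m != target and toy_hash(m) == want:
            return m, i


# Hash-then-sign with textbook RSA on constructed toy parameters (no
# padding). The signature commits only to toy_hash(message), which is
# exactly why a collision on the hash transfers the signature.
P, Q = 1009, 1013
N = P * Q                     # 1022117 > 2**16, so any 16-bit digest fits
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def sign(message: bytes) -> int:
    return pow(int.from_bytes(toy_hash(message), "big"), D, N)


def verify(message: bytes, signature: int) -> bool:
    return pow(signature, E, N) == int.from_bytes(toy_hash(message), "big")


def mac(key: bytes, message: bytes) -> bytes:
    """HMAC over the same weak hash, truncated to the same width. The
    key enters the hash before the message, so an unkeyed collision
    pair is no more likely to collide here than two random messages."""
    return hmac.new(key, message, hashlib.sha1).digest()[:TOY_BYTES]


def demo() -> dict:
    m1, m2, collision_tries = find_collision()
    signature = sign(m1)                          # victim signs m1 only
    forged, preimage_tries = find_second_preimage(m1)
    key = b"constructed-secret-key"               # never seen by the attacker
    return {
        "collision_tries": collision_tries,
        "collision_transfers_signature": verify(m2, signature),
        "second_preimage_tries": preimage_tries,
        "second_preimage_transfers_signature": verify(forged, signature),
        "hmac_unaffected": mac(key, m1) != mac(key, m2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it shows the collision found after a few hundred hashes and the second preimage after tens of thousands, which is the 2^(n/2) versus 2^n gap scaled down to 16 bits; with a real 160-bit digest the second figure is what keeps a downloaded file's SHA-1 trustworthy even after a collision attack exists, while the first is what makes SHA-1 unfit for long-lived signatures.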

About This Post

SHA-1 Broken was posted on Wed, 16 Feb 2005 at 04:17:05 GMT.

7 Comments

1. Chris Shiflett said:

More information is available from Ed Felten's prediction last year:

http://www.freedom-to-tinker.com/archives/000661.html

Wed, 16 Feb 2005 at 04:26:45 GMT


2. Robert said:

Is it really a big deal, though, Chris? Even if the predictability has been reduced to 2^69 do hackers have the capability of using this for exploit? I'm amazed at how quick everyone has been to sound the alarm in the absence of concrete information, let alone *practical* information about what this means for developers using SHA-1.

Thu, 17 Feb 2005 at 03:55:12 GMT


3. Chris Shiflett said:

I think it is a big deal, yes. It's true that no concrete evidence (e.g., collision) has been provided, but this is an important breakthrough that significantly weakens SHA-1. In addition, this will most likely lead to further breakthroughs.

If this research is what Bruce thinks it is (and I trust him not to cry wolf), SHA-1 is no longer safe to use for many of its most common applications. Being able to defeat the algorithm in 2048 times fewer tries than an enumerated attack is a big deal.

However, I understand your skepticism. I don't plan to worry about a SHA-1 signature for a file that I download anytime this year (e.g., I won't be wondering whether the file is fake and represents a collision), but for digital signatures that need to be reliable for at least twenty years, SHA-1 is no longer an appropriate choice.

Thu, 17 Feb 2005 at 04:27:20 GMT


4. Robert said:

I didn't realize people were using SHA-1 for long-standing signatures. I use GnuPG, which does use SHA-1 for integrity, but DSA/RSA or ElGamal for signing. Plus, I rotate the public key every year.

Sounds to me that to the average PHP coder (who now uses SHA-1 instead of MD5 to hash passwords for storage and is currently scratching her head as to why this is "wrong") this really isn't too big a deal. That script kiddie that compromised her bulletin board isn't going to be able to reverse the hashes with his four-year-old Gateway PC.

So, while I agree this is a *huge* deal for the cryptography community, it seems like a relatively smaller deal (compared, for example, to vulns. found in packages that have concrete, practical exploits) for the PHP community.

Thu, 17 Feb 2005 at 16:14:19 GMT


5. Chris Shiflett said:

Yeah, that's true. As I understand it, the collision was found by using two streams of data, so it's not a case of taking one known stream and finding a collision (which is the big concern).

Thu, 17 Feb 2005 at 16:22:13 GMT


6. Ilia Alshanetsky said:

Even with the reduced strength of SHA-1 you would need an enormous amount of hardware and time just to "crack" one key. By the time you do, the data is likely to have changed many times over and you'd need to start from the very beginning.

Fri, 18 Feb 2005 at 20:40:16 GMT


7. Chris Shiflett said:

Here is more elaboration from Schneier:

http://www.schneier.com/blog/archiv...analysis_o.html

Mon, 28 Feb 2005 at 05:19:39 GMT

