Linux - Security forum, LinuxQuestions.org. This forum is for all security-related questions: questions, tips, system compromises, firewalls, etc.
News that a nine-year-old encryption method--one that underlies the protection of virtually all secure online communications--appears to have been cracked by a team of three Chinese researchers has spurred encryption experts around the world to issue a call to action.
There have actually been several recent advances in breaking various cryptographic hashing algorithms in the last few months, with md5 and now sha1 being cracked. However, it's very important to understand the context in which these algorithms have been 'broken'. For both md5 and sha1, researchers have devised techniques for finding collisions significantly more often than should be allowed by chance alone. Using these techniques you can find 2 files that have identical cryptographic checksums or digital signatures. However, this still requires significant resources. Anecdotally (I have yet to actually read the sha1 paper), this will reduce the number of operations to 10^29, which is a significant failure in cryptographic terms, but in practical terms this is still an enormous amount. Some of the estimates I've seen state that a standard PC running for 1,000 years might identify a collision with this technique.
There are some areas, such as legal fields and 3-letter gov't agencies, where this may have profound effects; for example, files digitally signed with md5 or SHA1 can no longer be considered to be 100% valid, as someone could generate a faked file with an identical hash. But for Joe Linux user depending on sha or md5 passwd hashes, this is not a serious issue. Though I wouldn't be shocked to see everyone moving to new encryption algorithms in the near future.
Originally posted by Capt_Caveman:
Anecdotally (I have yet to actually read the sha1 paper), this will reduce the number of operations to 10^29, which is a significant failure in cryptographic terms, but in practical terms this is still an enormous amount. Some of the estimates I've seen state that a standard PC running for 1,000 years might identify a collision with this technique.
You mean 2**29. And from what I've read, the 2**29 operations is only under certain conditions, e.g. certain pieces of information are known and/or assumed correctly. The more realistic number is 2**69 operations, which is still far better than SHA1's previous strength of 2**80.
I read an interesting comment regarding the time it would take to crack an SHA1 sum. It might take an ordinary PC a few centuries to churn through all the needed calculations to find a collision, but the spread of botnets (PCs infected by a virus and connected to the internet) has changed that dramatically. If you have a network of, say, 1,000 shiny new Dell 3 GHz machines secretly crunching away on the numbers, the time to crack drops significantly. Now, even under the best operating environments, it would still take that network on the order of a decade or so, but it all rolls downhill from here.
Last edited by TruckStuff; 02-19-2005 at 09:38 AM.
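The two posts above rest on one distinction: a collision attack lets an attacker who controls both inputs find two that hash alike (generic cost about 2**80 for SHA1, 2**69 with the new technique), while attacking an existing password hash or an already-signed file needs a preimage, which the collision result does not give. The added example below (not from any poster or the SHA1 paper) makes that cost gap visible on a toy version of SHA1 truncated to 20 bits, so both searches finish in seconds; the truncation width and the message prefix are arbitrary choices of this example.

```python
import hashlib

# Toy hash: SHA-1 truncated to the top `bits` bits (assumption of this example,
# chosen so the generic searches below finish quickly).
def trunc_hash(data: bytes, bits: int) -> int:
    digest = hashlib.sha1(data).digest()          # 160-bit SHA-1
    return int.from_bytes(digest, "big") >> (160 - bits)

def _candidate(seed: bytes, i: int) -> bytes:
    # Sequential, attacker-controlled inputs: "specially crafted data sets".
    return seed + i.to_bytes(8, "big")

def find_collision(bits: int, seed: bytes = b"lq") -> tuple[bytes, bytes, int]:
    """Generic birthday search: two distinct inputs with the same truncated hash.
    Expected work is on the order of 2**(bits/2); for full SHA-1 that is 2**80."""
    seen: dict[int, bytes] = {}
    i = 0
    while True:
        msg = _candidate(seed, i)
        h = trunc_hash(msg, bits)
        if h in seen and seen[h] != msg:
            return seen[h], msg, i + 1      # inputs tried until the first repeat
        seen[h] = msg
        i += 1

def find_second_preimage(target: bytes, bits: int, seed: bytes = b"lq") -> tuple[bytes, int]:
    """Brute force another input matching one fixed hash, the situation of a
    stored passwd hash or an already-signed file. Expected work ~ 2**bits."""
    want = trunc_hash(target, bits)
    i = 0
    while True:
        msg = _candidate(seed, i)
        if msg != target and trunc_hash(msg, bits) == want:
            return msg, i + 1
        i += 1

if __name__ == "__main__":
    bits = 20
    a, b, n_coll = find_collision(bits)
    print(f"collision after {n_coll} inputs (expected ~{2 ** (bits // 2)}):", a.hex(), b.hex())
    target = b"existing-password-hash-or-signed-file"   # constructed sample input
    m, n_pre = find_second_preimage(target, bits)
    print(f"second preimage after {n_pre} inputs (expected ~{2 ** bits}):", m.hex())
```

The collision turns up after a few thousand tries, the second preimage only after about a million, which is why crafted colliding files threaten signatures on attacker-supplied data but not a user's existing passwd hashes.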
Originally posted by gr33ndata:
Also, shall normal users continue using SHA-1 in their IPSec VPNs, digital signatures, etc. or not?
Everything that's been written thus far indicates that there is no immediate and pressing danger with SHA1. MD5 has certainly lost its luster in the last few months, but isn't dead yet. The important thing to note about the "cracking" of SHA1 and MD5 is that this was accomplished using specially crafted data sets. There is no indication that a collision has been shown to exist in real-world data.
I think the CTO of PGP put it best: "It's time to walk, not run, to the exits. The fire alarm has sounded, but there is no smoke yet."