LinuxQuestions.org


mikeheggy 02-18-2005 10:12 AM

SHA-1 Standard Cracked
 
Quote:

News that a nine-year-old encryption method--one that underlies the protection of virtually all secure online communications--appears to have been cracked by a team of three Chinese researchers has spurred encryption experts around the world to issue a call to action.
Full story here

Capt_Caveman 02-18-2005 10:50 PM

There have actually been several recent advances in breaking various cryptographic hashing algorithms in the last few months, with md5 and now sha1 being cracked. However, it's very important to understand the context in which these algorithms have been 'broken'. For both md5 and sha1, researchers have devised techniques for finding collisions significantly more often than should be allowed by chance alone. Using these techniques you can find 2 files that have identical cryptographic checksums or digital signatures. However, this still requires significant resources. Anecdotally (I have yet to actually read the sha1 paper), this will reduce the number of operations to 10^29, which is a significant failure in cryptographic terms, but in practical terms this is still an enormous amount. Some of the estimates I've seen state that a standard PC running for 1,000 years might identify a collision with this technique.

There are some areas, such as legal fields and 3-letter gov't agencies, where this may have profound effects; for example, files digitally signed with md5 or SHA1 can no longer be considered to be 100% valid, as someone could generate a faked file with an identical hash. But for Joe Linux user depending on sha or md5 passwd hashes, this is not a serious issue. Though I wouldn't be shocked to see everyone moving to new encryption algorithms in the near future.

TruckStuff 02-19-2005 09:37 AM

Quote:

Originally posted by Capt_Caveman
Anecdotally (I have yet to actually read the sha1 paper), this will reduce the number of operations to 10^29, which is a significant failure in cryptographic terms, but in practical terms this is still an enormous amount. Some of the estimates I've seen state that a standard PC running for 1,000 years might identify a collision with this technique.

You mean 2**29. ;) And from what I've read, the 2**29 operations is only under certain conditions, e.g. certain pieces of information are known and/or assumed correctly. The more realistic number is 2**69 operations, which is still far better than SHA1's previous strength of 2**80.

I read an interesting comment regarding the time it would take to crack an SHA1 sum. It might take an ordinary PC a few centuries to churn through all the needed calculations to find a collision, but the spread of botnets (PCs infected by a virus and connected to the internet) has changed that dramatically. If you have a network of, say, 1000 shiny new Dell 3GHz machines secretly crunching away on the numbers, the time to crack drops significantly. Now, even under the best operating environments, it would still take that network on the order of a decade or so, but it all rolls downhill from here. ;)
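
An added illustration of the points in the posts above (it is not part of any post in this thread): a generic birthday search finds a collision in an n-bit hash after roughly 2**(n/2) hashes, which is where SHA-1's 2**80 figure comes from, while matching one fixed digest, as a stored password hash would require, takes roughly 2**n. SHA-1 is truncated to a few bits here so the search finishes in seconds; the function names and sample strings are constructed for this example.

```python
import hashlib
import itertools


def truncated_sha1(data: bytes, bits: int) -> int:
    """Return the first `bits` bits of SHA-1(data) as an integer (toy n-bit hash)."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)


def find_collision(bits: int):
    """Birthday search: hash distinct inputs until any two share a digest.

    Returns (msg_a, msg_b, hashes_computed). Expected cost is about 2**(bits/2).
    """
    seen = {}
    for i in itertools.count():
        msg = b"msg-%d" % i          # constructed sample inputs
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int):
    """Search for a different input that matches one fixed, given digest.

    Returns (msg, hashes_computed). Expected cost is about 2**bits.
    """
    want = truncated_sha1(target, bits)
    for i in itertools.count():
        msg = b"try-%d" % i          # constructed sample inputs
        if msg != target and truncated_sha1(msg, bits) == want:
            return msg, i + 1


if __name__ == "__main__":
    for bits in (12, 16, 20):
        a, b, n_coll = find_collision(bits)
        _, n_pre = find_second_preimage(b"stored password", bits)
        print(f"{bits}-bit hash: collision after {n_coll} hashes "
              f"(2^{bits // 2} = {2 ** (bits // 2)}), "
              f"fixed-digest match after {n_pre} hashes (2^{bits} = {2 ** bits})")
```

The collision results discussed in the thread lower the first cost for full SHA-1; they do not give a way to match a digest someone else has already fixed.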

Capt_Caveman 02-19-2005 11:55 AM

Cool. Thanks for the correction :)

mikeheggy 02-19-2005 12:51 PM

I guess I misinterpreted the meaning of the article...

gr33ndata 02-20-2005 02:14 AM

Was md5 broken too?
Also, shall normal users continue using SHA-1 in their IPSec VPN, Digital Signatures etc. or not?
By the way, which is more secure, MD5 or SHA-1?

carboncopy 02-20-2005 10:40 AM

Quote:

Originally posted by gr33ndata
Was md5 broken too?
Also, shall normal users continue using SHA-1 in their IPSec VPN, Digital Signatures etc. or not?
By the way, which is more secure, MD5 or SHA-1?

Trolling: Both MD5 and SHA-1 have collisions.

Check the posts:
http://www.schneier.com/blog/archive...nalysis_o.html
http://theory.csail.mit.edu/~yiqun/shanote.pdf

Very informative.

TruckStuff 02-20-2005 09:31 PM

Quote:

Originally posted by gr33ndata
Also, shall normal users continue using SHA-1 in their IPSec VPN, Digital Signatures etc. or not?

Everything that's been written thus far indicates that there is no immediate and pressing danger with SHA1. MD5 has certainly lost its luster in the last few months, but isn't dead yet. The important thing to note about the "cracking" of SHA1 and MD5 is that this was accomplished using specially crafted data sets. There is no indication that a collision has been shown to exist in real-world data.

I think the CTO of PGP put it best: "It's time to walk, not run, to the exits. The fire alarm has sounded, but there is no smoke yet." ;)

kermit 02-21-2005 05:52 AM

Some official info

http://www.pgp.com/news/sha1.html

