SHA-1 Broken
Nanolith writes "From Bruce Schneier's weblog: 'SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their results...'" Note, though, that Schneier also writes "The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team."
Sigh (Score:5, Funny)
Prison. (Score:5, Funny)
Oh great... (Score:3, Funny)
Time to switch.... (Score:4, Funny)
Time to start a panic (Score:5, Funny)
Damn it (Score:2, Funny)
Log into VPN Firewall
Check VPN settings
Notices SHA for authentication type
Swears
Checks other option, notices {none} and {md5}
scratches head
decides to go with MD5 until that too is broken
Well... (Score:2, Funny)
That said...PWN3D!!1!
Re:Sigh (Score:5, Funny)
About a month ago, I needed a mechanism for password hashes.
After some research, I decided that SHA1 was more secure than MD5.
So I hunted down some good public domain SHA1 code, read through it, and added it to my code.
Thanks /.!
Re:what's left (Score:3, Funny)
So What? (Score:2, Funny)
Maybe crackers would stop messing with our encryption if it was extremely easy to deal with.
SupahLeetCodah: d00d i just cracked SHA-1 and MD5,6 AND 7!!!1
Steve: So did my grandma and my proctologist.
Re:Sigh (Score:2, Funny)
Re:Hmm (Score:2, Funny)
Re:Now what do we use? (Score:3, Funny)
Re:Hey (Score:2, Funny)
I am outraged! Does this disgusting thing called 'fucking' really happen ? I must know.
Re:Info on what exactly SHA-1 is ... (Score:3, Funny)
I Can See Bruce Now.... (Score:4, Funny)
Bruce sits at his desk, reading over the encrypted e-mail sent to him about breaking SHA-1, when a loud scream echoes from his office
I JUST SENT OUT MY NEWSLETTER THIS MORNING!
Re:My Research team broke RSA! (Score:3, Funny)
Re:Broken or not? (Score:3, Funny)
Brought to you also by.... (Score:3, Funny)
http://www.md5crk.com/ [archive.org] (wayback archive)
Re:Hmm (Score:1, Funny)
Re:Well... (Score:5, Funny)
Re:Start recoding (Score:3, Funny)
One more crippling bombshell hit the already beleaguered cryptohash community when IDC confirmed that cryptohash market share has dropped yet again, now down to less than a fraction of 1 percent of all cryptographic algorithms. Coming on the heels of a recent Netcraft survey which plainly states that SHA1 has lost more market share, this news serves to reinforce what we've known all along. SHA1 is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive cryptography test.
You don't need to be a Kreskin [amdest.com] to predict SHA1's future. The handwriting is on the wall: SHA1 faces a bleak future. In fact there won't be any future at all for SHA1 because SHA1 is dying. Things are looking very bad for SHA1. As many of us are already aware, SHA1 continues to lose market share. Red ink flows like a river of blood.
SHA1 is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time SHA1 developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: SHA1 is dying.
Let's keep to the facts and look at the numbers.
MD4 leader Theo states that there are 7000 users of MD4. How many users of MD5 are there? Let's see. The number of MD4 versus MD5 posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 MD5 users. SHA2 posts on Usenet are about half of the volume of MD5 posts. Therefore there are about 700 users of SHA2. A recent article put SHA1 at about 80 percent of the cryptohash market. Therefore there are (7000+1400+700)*4 = 36400 SHA1 users. This is consistent with the number of SHA1 Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, SHA1 went out of business and was taken over by RSA who sell another troubled cryptohash. Now RSA is also dead, its corpse turned over to yet another charnel house.
All major surveys show that SHA1 has steadily declined in market share. SHA1 is very sick and its long term survival prospects are very dim. If SHA1 is to survive at all it will be among cryptographic dilettante dabblers. SHA1 continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, SHA1 is dead.
Fact: SHA1 is dying
Someone set us up the bomb (Score:3, Funny)
Now where did I leave my nukes....
Available in OpenBSD ;-) (Score:1, Funny)
Re:Well... (Score:3, Funny)
Re:Sigh (Score:4, Funny)
A mechanism to find collisions does not affect SHA-1's strength as a password hashing algorithm or its use in a hashed message authentication code. So you'll be just fine.
really? well, i'm not the real frymaster. what do you say to that?
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFCEsqV7Kzi+hL3je0RAl7iAJ41SsgjgwMvrS5+1OLLYp pYkXUPOgCgzSQS
c42DLVAjebLYs2VTPkT/iIc=
=8699
-----END PGP SIGNATURE-----
Clue: Parent is joking (Score:3, Funny)
Maybe his sense of humour fell through a one-way hash function some time back, but it's pretty clear from context that he's kidding.
--MarkusQ
SHA-1 is broken? Arggggh! (Score:3, Funny)
I'm still content with SHA-1 and DES (Score:2, Funny)
It never fails to crack me up how people freak out about theoretical weaknesses in cryptography but have $25 locks on their homes that any crook with a fork and a nail could open.... and steal your computer if not axe you to bits.
but, but.. SHA-2 will save me!!
Re:Well... (Score:5, Funny)
Missing the point... (Score:3, Funny)
Re:Well... (Score:5, Funny)
Re:Well... (Score:3, Funny)
Today's topic: Don't Make It Too Obvious.
better yet-- (Score:5, Funny)
Re:better yet-- (Score:5, Funny)
Re:better yet-- (Score:5, Funny)
Re:Sigh (Score:5, Funny)
Imagine tens of thousands of way-overpowered virus-infected 3GHz Dell machines chewing through the data?
Then imagine a beowulf cluster of those.
Re:Well (Score:2, Funny)
No, it didn't. In fact, this is the most important problem in CS.
Nahh.. The most important problem in CS are those annoying campers.
Re:Well... (Score:4, Funny)
Hah! (Score:5, Funny)
Using both "broken" hashes (Score:2, Funny)
Well whatever it is... (Score:5, Funny)
Great news for passwords (Score:2, Funny)
I'd type the complex one "32l;lkd49fj32*93f-FR" just once: When I create my account on the web site that demands that I have at least 8 characters, and some of them must be numeric and some must be non-alpha and so on.
After that, I can just type my usual "foo" as password and it'll accept it because the hash fits.
Hooray.
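Several comments in this thread turn on the difference between finding any two inputs that collide and finding a second input that matches one fixed hash, which is what logging in with "foo" would require. The sketch below is an added example, not code from any poster: it measures both searches on SHA-1 truncated to 18 bits, where the truncation width, the `msg-`/`guess-` candidate strings and all function names are assumptions chosen so it finishes in seconds.

```python
import hashlib
from itertools import count

BITS = 18  # constructed toy width; real SHA-1 outputs 160 bits
TARGET = b"32l;lkd49fj32*93f-FR"  # the "complex" password quoted in the thread


def h(msg: bytes) -> int:
    """Top BITS bits of SHA-1(msg): a toy hash small enough to search."""
    word = int.from_bytes(hashlib.sha1(msg).digest()[:4], "big")
    return word >> (32 - BITS)


def find_collision():
    """Birthday search: ANY two distinct inputs with the same toy hash.

    Expected work is about 2**(BITS/2) hashes because every new input
    is compared against all earlier ones.
    """
    seen = {}
    for i in count():
        m = b"msg-%d" % i
        d = h(m)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m


def find_second_preimage(target: bytes):
    """Find a DIFFERENT input whose toy hash equals h(target).

    The target value is fixed in advance, so each guess succeeds with
    probability 2**-BITS and expected work is about 2**BITS hashes.
    """
    want = h(target)
    for i in count():
        m = b"guess-%d" % i
        if m != target and h(m) == want:
            return m, i + 1


if __name__ == "__main__":
    a, b, n_coll = find_collision()
    print(f"collision after {n_coll} hashes: {a!r} / {b!r}")
    m, n_pre = find_second_preimage(TARGET)
    print(f"second preimage after {n_pre} hashes: {m!r}")
    print(f"generic cost at {BITS} bits: ~2^{BITS // 2} vs ~2^{BITS}")
```

At full width the same generic bounds are about 2^80 hashes for a collision and 2^160 for a second preimage; a collision attack lowers only the first figure.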
unpublished paper reveals unspecified hole (Score:4, Funny)
Let's wait for the actual paper. If it takes more CPU power to force a collision within a year than the whole of what IBM sells in that year, I think that the hash is doing its job...