SHA-1 Broken

Nanolith writes "From Bruce Schneier's weblog: 'SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their results...'" Note, though, that Schneier also writes "The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team."

Sigh

[Anonymous Coward]

And I just got done upgrading from MD5.

Prison.

[Seumas]

A lot of companies and products use SHA1 in some form or another. Does this mean that we can arrest and imprison these "researchers" if they ever step foot in America?

Oh great...

[randori82]

Time to change the VPN policies

Time to switch....

[Anonymous Coward]

... to SHA-2!

Time to start a panic

[psetzer]

If you don't switch to the newest, latest hashing algorithm, you will die horribly when your corrupted emacs RPM performs malicious code!!! Everyone, delete everything and log off of the Internets now!!! We're all gonna die!!! HELP!!!

Damn it

[afidel]

/me
Log into VPN Firewall
Check VPN settings
Notices SHA for authentication type
Swears
Checks other option, notices {none} and {md5}
scratches head
decides to go with MD5 until that too is broken /me wishes security were easier

Well...

[game kid]

...at least we still have SHA256, SHA384 and SHA512.

That said...PWN3D!!1!

Re:Sigh

[dasunt]

About a month ago, I needed a mechanism for password hashes.

After some research, I decided that SHA1 was more secure than MD5.

So I hunted down some good public domain SHA1 code, read through it, and added it to my code.

Thanks /.!

Re:what's left

[mboverload]

Everyone should just randomly hit keys on their keyboard for each file. Totally random, but most files with be "sfkhadou"

So What?

[cr0y]

Long live ROT-13.

Maybe crackers would stop messing with our encryption if it was extremely easy to deal with.

SupahLeetCodah: d00d i just cracked SHA-1 and MD5,6 AND 7!!!1

Steve: So did my grandma and my proctologist.

Re:Sigh

[Janitha]

Can you hear the sound... its the sound of admins all around the world crying. And I thought my SHA-1 rainbow tables were awsome.

Re:Hmm

[Anonymous Coward]

Ya.. 20 years ago we used a hashing algorithm at college. Not sure how secure it was but we got really messed up.

Re:Now what do we use?

[Trejkaz]

crypt()

Re:Hey

[Anonymous Coward]

oops I accidentally highlighted 'fucking' from your post instead and searched for that

I am outraged! Does this disgusting thing called 'fucking' really happen ? I must know.

Re:Info on what exactly SHA-1 is ...

[jayhawk88]

Isn't this a plot from a Dan Brown book?

I Can See Bruce Now....

[Alan Hicks]

Bruce sits at his desk, reading over the encrypted e-mail sent to him about breaking SHA-1, when a loud scream echoes from his office

I JUST SENT OUT MY NEWSLETTER THIS MORNING!

Re:My Research team broke RSA!

[elmegil]

And it's elegant. But it won't fit in the margin of a post on slashdot.

Re:Broken or not?

[Southpaw018]

I love how you link that like you're mister high and mighty and you don't spell his name in the link right. I didn't either, but I have ethos. I'd never heard of him before. =)

Brought to you also by....

[Dark Coder]

The MD5 crack team....

http://www.md5crk.com/ [archive.org] (wayback archive)

Re:Hmm

[Tongo]

When the holy fuck did this become a technical forum?!?!

Re:Well...

[all your mwbassguy a]

thank god ROT-13 will never be cracked.

Re:Start recoding

[NoMoreNicksLeft]

It is official; Netcraft confirms: SHA1 is dying

One more crippling bombshell hit the already beleaguered cryptohash community when IDC confirmed that cryptohash market share has dropped yet again, now down to less than a fraction of 1 percent of all cryptographic algorithms. Coming on the heels of a recent Netcraft survey which plainly states that SHA1 has lost more market share, this news serves to reinforce what we've known all along. SHA1 is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive cryptography test.

You don't need to be a Kreskin [amdest.com] to predict SHA1's future. The hand writing is on the wall: SHA1 faces a bleak future. In fact there won't be any future at all for SHA1 because SHA1 is dying. Things are looking very bad for SHA1. As many of us are already aware, SHA1 continues to lose market share. Red ink flows like a river of blood.

SHA1 is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time SHA1 developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: SHA1 is dying.

Let's keep to the facts and look at the numbers.

MD4 leader Theo states that there are 7000 users of MD4. How many users of MD5 are there? Let's see. The number of MD4 versus MD5 posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 MD5 users. SHA2 posts on Usenet are about half of the volume of MD5 posts. Therefore there are about 700 users of SHA2. A recent article put SHA1 at about 80 percent of the cryptohash market. Therefore there are (7000+1400+700)*4 = 36400 SHA1 users. This is consistent with the number of SHA1 Usenet posts.

Due to the troubles of Walnut Creek, abysmal sales and so on, SHA1 went out of business and was taken over by RSA who sell another troubled cryptohash. Now RSA is also dead, its corpse turned over to yet another charnel house.

All major surveys show that SHA1 has steadily declined in market share. SHA1 is very sick and its long term survival prospects are very dim. If SHA1 is to survive at all it will be among cryptographic dilettante dabblers. SHA1 continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, SHA1 is dead.

Fact: SHA1 is dying

Someone set us up the bomb

[Sophrosyne]

... it looks to me the only solution is wipe Jinan city off the map.
Now where did I leave my nukes....

Available in OpenBSD ;-)

[Anonymous Coward]

Which of course is available for that ever so wonderfully secure os called OpenBSD ;-)

Re:Well...

[Wavicle]

I noticed using ROT-2 gave what looked like a kinda-close decryption of ROT-13. So I started trying ROT-3, then ROT-4, I got as far as ROT-12 before I got bored and gave up, but it was showing great promise!

Re:Sigh

[Frymaster]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

A mechanism to find collisions does not affect SHA-1's strength as a password hashing algorithm or its use in a hashed message authentication code. So you'll be just fine.Z

really? well, i'm not the real frymaster. what do you say to that?

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFCEsqV7Kzi+hL3je0RAl7iAJ41SsgjgwMvrS5+1OLLYp pYkXUPOgCgzSQS c42DLVAjebLYs2VTPkT/iIc= =8699 -----END PGP SIGNATURE-----

Clue: Parent is joking

[MarkusQ]

Maybe his sense of humour fell through a one-way hash function some time back, but it's pretty clear from context that he's kidding.

--MarkusQ

SHA-1 is broken? Arggggh!

[Peter Cooper]

Now I know why my site doesn't work anymore. SHA-1 is broken. Digest::SHA1 won't produce any hashes for me anymore, and I tried to debug the issue but couldn't work out what was going on. Thanks for letting us know SHA-1 is broken Slashdot. I wonder when it will be fixed?

I'm still content with SHA-1 and DES

[lawaetf1]

Realistically, if I gave any of you people a .txt file encrypted with DES and said that if you can crack it in 3 months I'll give you $15k.. would you be able to? I rather doubt it. 2^69 is still a plenty big number for me. I'll worry in a few years when CPUs are faster

It never fails to crack me up how people freak out about theoretical weaknesses in cryptography but have $25 locks on their homes that any crook with a fork and a nail could open.... and steal your computer if not axe you to bits.
but, but.. SHA-2 will save me!!

Re:Well...

[flatface]

That's nothing. ROT-26 offers the best encryption as of yet!

Missing the point...

[Wes Janson]

It's gone from being a billion times easier, to a half a billion times easier, to just simply find the person responsible and beat any necessary data out of them with a baseball bat and/or knife. Which is cheaper? Extensive studying of cryptography, thousands of dollars of computers, and an extremely long waiting time in order to brute-force something? Or just buying plane tickets, a blunt object, looking up the person's address on MapQuest, and having Cousin Luigi pay a friendly visit?

Re:Well...

[tonsofpcs]

I can't read your post, it seems to be encrypted in that new ROT-26 scheme.

Re:Well...

[E_elven]

Comedy 102.

Today's topic: Don't Make It Too Obvious.

better yet--

[bodrell]

What someone really ought to do is use ROT-7.5 twice to decrypt ROT-13.

Re:better yet--

[isometrick]

7.5? 13? I'm guessing you aren't the one who broke SHA-1 ... :-p

Re:better yet--

[SpaceLifeForm]

Someone found that ROT-6.5 works better.

Re:Sigh

[B3ryllium]

You do realize, of course, that the recent preponderance of IRC-controlled botnets and such could easily be applied to a computational challenge such as this?

Imagine tens of thousands of way-overpowered virus-infected 3Ghz Dell machines chewing threw the data?

Then imagine a beowulf cluster of those.

Re:Well

[andersa]

No, it didn't. In fact, this is the most important problem in CS.

Nahh.. The most important problem in CS are those annoying campers.

Re:Well...

[Jugalator]

I think ROT-65536 would work even better, especially for Unicode.

Hah!

[Hobbex]

That is nothing. This post has been encrypted with an unbreakable one-time-pad! TWICE!

Using both "broken" hashes

[HexDoll]

Why not make two hashes of a password using different algorithms, one using MD5 and the other using SHA-1. If an attacker was able to produce a password where the hash matched one it would be very unlikely to get the correct hash using the other algorithm unless the attacker had found the original password.

Well whatever it is...

[cmacb]

I hope they get it fixed soon.

Great news for passwords

[milosoftware]

Now I can type a simple password, and produce a complex password that has the same hash.

I'd type the complex one "32l;lkd49fj32*93f-FR" just once: When I create my account on the web site that demands that I have at least 8 characters, and some of them must be numeric and some must be non-alpha and so on.

After that, I can just type my usual "foo" as password and it'll accept it because the hash fits.

Huray.

unpublished paper reveals unspecified hole

[snorklewacker]

At least they gave the algorithm. If their synopsis is indicative of the paper, they illustrate that SHA-1 has collisions, and collisions can be discovered through the awesomely sophisticated technique of brute force. Pardon me while I dust off my bomb shelter.

Let's wait for the actual paper. If it takes more CPU power to force a collision within a year than the whole of what IBM sells in that year, I think that the hash is doing its job...