Spat's WebLog (Steve Patrick)

When things go wrong...

SHA-1 Broken? Tell me it aint so...

SHA-1 Broken? Tell me it aint so...

  • Comments 2

But alas, it looks like it is.  See here- http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

For those needing some background on hashes see: http://www.unixwiz.net/techtips/iguide-crypto-hashes.html

spat

 

 

Leave a Comment
  • Please add 5 and 5 and type the answer here:
  • Post
  • Reading slashdot I got the idea that while they managed to get collision, that was just with a very specially crafted input. So while interesting, there's no practical use for the fact.
  • That depends on your definition of broken. The described attack allows you to create two inputs that hash to the same value (which was always possible) but not to create an input from a hash. So if you get hold of password hashes you still won't be able to retrieve the passwords with anything better than brute force. Of course if they publish the details it may lead to other smart people finding more weaknesses in the algorithm.
Page 1 of 1 (2 items)