Welcome to MSDN Blogs Sign in | Join | Help

SHA-1 Broken? Tell me it aint so...

But alas, it looks like it is.  See here- http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

For those needing some background on hashes see: http://www.unixwiz.net/techtips/iguide-crypto-hashes.html

spat

 

 

Published Monday, February 21, 2005 7:43 PM by SpatDSG

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

Monday, February 21, 2005 9:22 PM by zzz

# re: SHA-1 Broken? Tell me it aint so...

Reading slashdot I got the idea that while they managed to get collision, that was just with a very specially crafted input. So while interesting, there's no practical use for the fact.
Monday, February 21, 2005 10:26 PM by Jerry Pisk

# re: SHA-1 Broken? Tell me it aint so...

That depends on your definition of broken. The described attack allows you to create two inputs that hash to the same value (which was always possible) but not to create an input from a hash. So if you get hold of password hashes you still won't be able to retrieve the passwords with anything better than brute force. Of course if they publish the details it may lead to other smart people finding more weaknesses in the algorithm.

Leave a Comment

(required) 
required 
(required) 

  
Enter Code Here: Required
 
Page view tracker