topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday October 15, 2024, 2:17 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: SHA1 is dead - First known collision exploit discovered  (Read 3559 times)

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,759
    • View Profile
    • Read more about this member.
    • Donate to Member
SHA1 is dead - First known collision exploit discovered
« on: February 23, 2017, 06:53 PM »
Cryptographers refer to the attack disclosed Thursday as an "identical-prefix" collision, meaning it allows the attacker to create two distinct messages that have the same hash value. This variety is less powerful than the "chosen-prefix" MD5 collision carried out by Flame. In the latter case, attackers can target one or more existing files, such as the digital certificate that a company uses to authenticate its update mechanism. Despite the collision against SHA1 being less powerful, cryptography experts said any real-world identical-prefix attack represented a game-over event for a hashing function.

"In crypto we have the idea that hash function collisions should be really hard to find, even if they're 'useless,'" said Johns Hopkins University professor Matt Green, speaking generally about collisions before he learned the specifics of the new SHA1 attack. A real-world collision attack "is the equivalent of finding out that your scalpel wasn't sterilized properly. It may not verifiably have germs on it, but the whole instrument is considered unsafe."

Read more here:
https://arstechnica....unction-is-now-dead/


brotherS

  • Master of Good Ideas
  • Honorary Member
  • Joined in 2005
  • **
  • Posts: 2,261
    • View Profile
    • Donate to Member
Re: SHA1 is dead - First known collision exploit discovered
« Reply #2 on: February 25, 2017, 07:08 AM »
Yeah, interesting topic! I found this fascinating:

The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase.

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,504
    • View Profile
    • Donate to Member
Re: SHA1 is dead - First known collision exploit discovered
« Reply #3 on: February 27, 2017, 05:24 AM »
SHA1 is dead

No, it's not - that's where the problem lies.