Log in

No account? Create an account

SHA-1 has been broken - Journal of Omnifarious

May. 10th, 2009

04:02 am - SHA-1 has been broken

Previous Entry Share Next Entry

It's sort of been broken for awhile. There were some attacks on it that were cheaper to perform than you'd expect given it's 160-bit hash length, but they were still not in the practical range for current computing hardware. Now there's an attack in 252 steps, which is well within the range of current computing hardware. Still not in the range for a desktop PC to be sure, but definitely doable.

The problem is that all of the replacements are woefully undertested and/or based on the same design principles as SHA-1 and so are also not particularly safe. The NIST hash function won't have good results for at least another 2-3 years. :-(

Current Mood: [mood icon] worried