[SECURITY-L] [S] SHA-1 Broken

CSIRT - UNICAMP security em unicamp.br
Qua Fev 16 14:02:18 -02 2005


----- Forwarded message from Cristine Hoepers <cristine em nic.br> -----

From: Cristine Hoepers <cristine em nic.br>
Subject: [S] SHA-1 Broken
To: seguranca em pangeia.com.br
Date: Wed, 16 Feb 2005 12:04:40 -0200


[http://www.schneier.com/blog/archives/2005/02/sha1_broken.html]

SHA-1 Broken

SHA-1 has been broken. Not a reduced-round version. Not a simplified
version. The real thing.

The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu
(mostly from Shandong University in China) have been quietly
circulating a paper announcing their results:

    * collisions in the the full SHA-1 in 2**69 hash operations, much
      less than the brute-force attack of 2**80 operations based on
      the hash length.

    * collisions in SHA-0 in 2**39 operations.

    * collisions in 58-round SHA-1 in 2**33 operations.

This attack builds on previous attacks on SHA-0 and SHA-1, and is a
major, major cryptanalytic result. It pretty much puts a bullet into
SHA-1 as a hash function for digital signatures (although it doesn't
affect applications such as HMAC where collisions aren't important).

The paper isn't generally available yet. At this point I can't tell if
the attack is real, but the paper looks good and this is a reputable
research team.

More details when I have them.

Posted on February 15, 2005 at 07:15 PM 


----- End forwarded message -----



Mais detalhes sobre a lista de discussão SECURITY-L