SHA-1 Broken!
rpanning
02-16-2005, 12:15 AM
FYI: SHA-1 has been broken by the darn Chinese. Slashdot posted an article (http://it.slashdot.org/article.pl?sid=05/02/16/0146218), which links to other articles. This affects everything from PHP sha1() to IPsec and WEP (wireless encryption). Big security problem!
This brings up a good question, what's better? If I understand right, SHA-1 was a replacement for MD5.
saloon12yrd
02-16-2005, 03:40 AM
SHA-1 is not a replacement for MD5, but a different algorithm for the same purpose: Hashing.
As no details about the attack are posted yet we all should be very careful not to panic.
According to Bruce Schneier, the attack still needs 2^69 hash operations to calculate a hash, as opposed to 2^80 operations in an "unbroken" SHA-1.
That is still a lot of work.
If the attack should be verified, SHA-1 might be dead when it comes to digital signatures and other things. For hashed passwords... you're still on a somewhat safe side (my personal current opinion).
I should add that the proposed attack appears to be a collision attack. That means after said 2^69 operations you would come up with another stream of data that results in the same SHA-1 hash.
From an educated guess I'd say that this will most likely be a random string and the attacker will not have any control over the content of the colliding string.
The attack seems to be useless for means of "decrypting" a hashed password, although you might argue that this attack might open the door to other attacks that can do this - time will tell.
However, I for one will be watching the progress of this. First of all it has to be verified by other cryptanalysts. Then we'll see what the real implications are.
BTW, using an HMAC scheme with SHA-1 should still be perfectly safe; collisions aren't an issue here.
So: Relax, read the news, learn about HMAC.
Regards,
Sal-
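To illustrate the HMAC point above, here is an added example (not code from the thread): signing a value with HMAC-SHA1 via PHP's hash_hmac() and checking it with hash_equals(). Verification depends on the secret key, so an attacker who can find SHA-1 collisions but does not hold the key still cannot produce a valid tag for a changed payload. The key and the payload format are constructed for the demo; in a real application the key is generated once (e.g. with random_bytes()) and kept server-side.

```php
<?php
// Added example, not from the original thread: HMAC-SHA1 signing and verification.
// HMAC's security rests on the secret key and the PRF behaviour of the hash,
// not on collision resistance, which is why a collision attack on SHA-1 does
// not by itself let anyone forge tags.

// Constructed 16-byte demo key. Assumption: a real key is generated once with
// random_bytes(32) and stored outside the web root.
$key = hex2bin('0f1e2d3c4b5a69788796a5b4c3d2e1f0');

// Returns "payload.hextag"; the tag is the HMAC-SHA1 of the payload under $key.
function signToken(string $payload, string $key): string
{
    $tag = hash_hmac('sha1', $payload, $key); // hex-encoded 160-bit tag
    return $payload . '.' . $tag;
}

// Returns the payload if the tag is valid, null otherwise.
function verifyToken(string $token, string $key): ?string
{
    $dot = strrpos($token, '.'); // last '.' separates payload from hex tag
    if ($dot === false) {
        return null;
    }
    $payload  = substr($token, 0, $dot);
    $tag      = substr($token, $dot + 1);
    $expected = hash_hmac('sha1', $payload, $key);
    // hash_equals() compares in constant time so the check does not leak timing.
    return hash_equals($expected, $tag) ? $payload : null;
}

// Constructed payload: a session-style "user=...;role=..." string.
$token = signToken('user=alice;role=member', $key);
var_dump(verifyToken($token, $key));

// Changing the payload without the key leaves the old tag in place, so the
// recomputed HMAC no longer matches and verification returns null.
$modified = str_replace('role=member', 'role=admin', $token);
var_dump(verifyToken($modified, $key));

// Using the wrong key also fails, even with an untouched token.
var_dump(verifyToken($token, hex2bin('00000000000000000000000000000000')));
```

Run it with the PHP CLI: the first var_dump() prints the original payload, the other two print NULL. The same structure works unchanged with hash_hmac('sha256', ...) for anyone who wants to move off SHA-1 anyway.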
piersk
02-16-2005, 04:46 AM
Originally posted by rpanning
WEP (wireless encryption). Big security problem!
It has already been proven that WEP is insecure and shouldn't be used anyway. It's a complete waste of CPU cycles.
Sgarissta
02-16-2005, 12:35 PM
Originally posted by piersk
It has already been proven that WEP is insecure and shouldn't be used anyway. It's a complete waste of CPU cycles.
Hence why I use MAC filtering. Sure, someone can sniff the traffic and impersonate one of my MAC IDs. And then get access to all of my wonderfully un-shared computers with nothing on them.
I guess if I were REALLY nuts I'd toss a proxy server in the middle and require its use to access the internet. But that's a little crazy for a 5-machine home network :)
piersk
02-16-2005, 12:41 PM
Most modern wireless APs/routers etc. have the option to hide the SSID, which I also do. It adds that little bit of extra protection.
rpanning
02-16-2005, 12:45 PM
Ok, so it doesn't seem to be that big of a deal in the Web applications area? I've been using md5() for all of my passwords, etc. Should I be using sha1() instead? I didn't realize sha1() was the primary choice after md5() was broken.
laserlight
02-17-2005, 02:53 AM
Ok, so it doesn't seem to be that big of a deal in the Web applications area.
Well, it looks like the results were only for collisions, not pre-image attacks, so your passwords should still be reasonably safe, if they are reasonably strong to begin with.
The attacks against MD5 are also collision attacks, but you should have been using SHA1 anyway.
I think Schneier has tried to bring up the topic of a hash equivalent of the AES before (after CRYPTO 2004); it looks like such a suggestion was very much justified, but also rather late.
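An added example (not from the thread) for the password-hashing question raised by rpanning and answered above: a collision attack gives an attacker two inputs with the same digest, but recovering a password from its stored digest is a preimage problem, which these results do not address. What does expose stored passwords is unsalted md5()/sha1(), since every user with the same password stores the same digest and one precomputed table serves for all of them. The script contrasts that with a per-user salted SHA-256 digest (one of the alternatives named later in this thread) and with PHP's built-in password_hash(), which is the route a new application should take. The storage format "sha256$hexsalt$hexdigest" and the sample password are constructed for the example.

```php
<?php
// Added example, not from the original thread. Contrasts unsalted sha1() password
// storage with a per-user salted SHA-256 digest and with password_hash().

// Unsalted: identical passwords give identical digests for every user, so a
// single precomputed table covers all of them. Kept only as the "before" case.
function unsaltedSha1(string $password): string
{
    return sha1($password);
}

// Salted: a random 16-byte salt is prepended to the password, so the same
// password yields a different digest per user and precomputation must be
// repeated per salt. Stored form "sha256$hexsalt$hexdigest" is an assumption
// made for this example, not a standard format.
function saltedHash(string $password, ?string $salt = null): string
{
    $salt   = $salt ?? random_bytes(16);
    $digest = hash('sha256', $salt . $password);
    return 'sha256$' . bin2hex($salt) . '$' . $digest;
}

function verifySaltedHash(string $password, string $stored): bool
{
    $parts = explode('$', $stored, 3);
    if (count($parts) !== 3 || $parts[0] !== 'sha256' || !ctype_xdigit($parts[1])) {
        return false; // malformed or unknown record
    }
    $recomputed = saltedHash($password, hex2bin($parts[1]));
    return hash_equals($stored, $recomputed); // constant-time comparison
}

// Constructed sample: two users who happen to share a password.
$pw = 'correct horse battery staple';

echo "unsalted, user A: ", unsaltedSha1($pw), "\n";
echo "unsalted, user B: ", unsaltedSha1($pw), "\n";

$storedA = saltedHash($pw);
$storedB = saltedHash($pw);
echo "salted,   user A: ", $storedA, "\n";
echo "salted,   user B: ", $storedB, "\n";

var_dump(verifySaltedHash($pw, $storedA));
var_dump(verifySaltedHash('wrong password', $storedA));
var_dump(verifySaltedHash($pw, 'garbage'));

// PHP 5.5+ bundles salting and a slow, tunable hash (bcrypt by default) in one
// call; prefer this over sha1()/md5() or the hand-rolled scheme above.
$modern = password_hash($pw, PASSWORD_DEFAULT);
var_dump(password_verify($pw, $modern));
var_dump(password_verify('wrong password', $modern));
```

Running it shows the two unsalted lines are identical while the two salted records differ, and only the correct password verifies against either the salted record or the password_hash() record. The salted SHA-256 path shows the mechanism; password_hash() is what should actually go into production code because it also makes each guess deliberately slow.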
rpanning
02-19-2005, 04:36 PM
FYI - Just more news about the SHA-1 crack.
From Slashdot: More on Newly Broken SHA-1 (http://it.slashdot.org/article.pl?sid=05/02/19/1424201)
Details are out about the reported broken SHA-1 hash (http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html) function. The findings are that SHA-1 is not collision free and can be broken in 2^69 attempts instead of 2^80. This is about 2000 times faster. With today's computing power and Moore's Law, a SHA-1 hash does not last too long. Using a modified DES Cracker, for the small sum of up to $38M, SHA-1 can be broken in 56 hours, with current computing power. In 18 months, the cost should go down by half. Jon Callas, PGP's CTO, put it best: 'It's time to walk, but not run, to the fire exits. You don't see smoke, but the fire alarms have gone off.' As Schneier suggests, 'It's time for us all to migrate away from SHA-1.' Alternatives include SHA-256 and SHA-512.
Weedpacket
02-19-2005, 08:38 PM
Listen to Schneier - he knows about these things: that quote of his dates from last August (http://www.computerworld.com/printthis/2004/0,4814,95343,00.html).
rpanning
03-02-2005, 09:57 AM
FYI - CNet has posted an article about their interview with the people who broke SHA-1. Here is a quote which makes me feel a little better.
That means that finding a collision of SHA-1 using our method will take 2 to the 19th times longer (about 5 million years). That is certainly out of the reach of our computing resources.
http://news.com.com/A+sense+of+insecurity/2008-7355_3-5595238.html?part=rss&tag=5587315&subj=news
PHP Builder
Copyright Internet.com Inc. All Rights Reserved.