SHA-1 Broken

posted onFebruary 17, 2005
by hitbsecnews

L33tdawg: Much love to Fyodor Yarochkin for the heads up on this ;)

SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.

The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results:

  • collisions in the the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length.
  • collisions in SHA-0 in 2**39 operations.
  • collisions in 58-round SHA-1 in 2**33 operations.

    This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn't affect applications such as HMAC where collisions aren't important).

    The paper isn't generally available yet.

    • Source

    Tags

    Encryption

    You May Also Like

    Other Articles In This Section

    Recent News

    Friday, November 29th

    North Korean hackers posing as IT workers steal over $1B in cyberattack
    OpenAI is at war with its own Sora video testers following brief public leak
    Found on VirusTotal: The world’s first UEFI bootkit for Linux

    Tuesday, November 19th

    CISA Director Jen Easterly, in Place Since 2021, to Step Down
    Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme
    WhatsApp: NSO Group Operates Pegasus Spyware for Customers

    Friday, November 8th

    North Korean hackers target cryptocurrency with malware
    Man sick of crashes sues Intel for allegedly hiding CPU defects
    Law enforcement operation takes down 22,000 malicious IP addresses worldwide

    Friday, November 1st

    Youth of today say passwords are old news, passkeys are the future
    Chinese attackers accessed Canadian government networks – for five years
    OpenAI launches ChatGPT with Search, taking Google head-on
    Here’s the paper no one read before declaring the demise of modern cryptography
    Not just ChatGPT anymore: Perplexity and Anthropic’s Claude get desktop apps

    Tuesday, July 9th

    China's APT40 gang is ready to attack vulns within hours or days of public release
    AI-Powered Super Soldiers Are More Than Just a Pipe Dream
    The president ordered a board to probe a massive Russian cyberattack. It never did.
    Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

    Wednesday, July 3rd

    “RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
    Two of the German military’s new spy satellites appear to have failed in orbit

    Friday, June 28th

    Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
    Cisco Talos warns of wider security implications following Snowflake breach

    Thursday, June 27th

    I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
    Researchers upend AI status quo by eliminating matrix multiplication in LLMs
    YouTube tries convincing record labels to license music for AI song generator
    Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
    Julian Assange to plead guilty but is going home after long extradition fight

    Thursday, June 13th

    Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
    One of the major sellers of detailed driver behavioral data is shutting down
    Turkish student creates custom AI device for cheating university exam, gets arrested

    Wednesday, June 12th

    Chinese-Made Biometric Access System Has 24 Vulnerabilities
    Apple and OpenAI currently have the most misunderstood partnership in tech
    Adobe to update vague AI terms after users threaten to cancel subscriptions
    China state hackers infected 20,000 Fortinet VPNs

    Tuesday, June 11th

    Russia Is Targeting Germany With Fake Information as Europe Votes