SHA-1 and the importance of formatting

Posted on August 22, 2005

I read the InfoSec News because I do enjoy a good daily dose of the Info and the Sec. Today, over breakfast, I read the following which nearly made me spit my Corn Pops(tm) across the coffee table:

Crypto researchers have discovered a new, much faster, attack against the widely-used SHA-1 hashing algorithm. Xiaoyun Wang, one of the team of Chinese cryptographers that demonstrated earlier attacks against SHA-0 and SHA-1, along with Andrew Yao and Frances Yao, have discovered a way to produce a collision in SHA-1 over just 263 hash operations compared to 269 hash operations previously. A brute force attack should take 280 operations.

“But wait”, says I, “that’s absurd! That can’t be right! 263 operations? If that were so then school children would be required to find collisions as part of their nightly homework, the secret decoder ring in mine very own Corn Pops(tm) could find a collision in a matter of hours… And 280 operations for a brute force attack? That’s not brute force, that’s barely waking up in the morning. And besides, I’m sure that just the other day I was reading that….”

Turns out that whoever copied and pasted this article from The Register neglected to do any checking of the formatting because it’s not 263 but rather a much more reasonable 2^63, which was formatted in the original article as:

Crypto researchers have discovered a new, much faster, attack against the widely-used SHA-1 hashing algorithm. Xiaoyun Wang, one of the team of Chinese cryptographers that demonstrated earlier attacks against SHA-0 and SHA-1, along with Andrew Yao and Frances Yao, have discovered a way to produce a collision in SHA-1 over just 2⁶³ hash operations compared to 2⁶⁹ hash operations previously. A brute force attack should take 2⁸⁰ operations.

It just goes to prove the old adage: the world need a good editor.
