
February 16, 2005

SHA1 Broken

Just yesterday I downloaded cfv, a cool CLI tool for win32 that gives me some version checking stuff. I'm going to build a general purpose thingy that helps me build some automatic versioning tools and tripwire stuff. There are plenty of applications for it and I'm going to try to work it to make a secure file system, which is to say one that allows me to eyeball a log of changed files on a daily basis, extra coolness eh?

Anyway, the cfv package hosts a myriad of hash functions of varying length and sophistication. I'm a bit paranoid, now that I mention it, about the PGP 8.1 version that I got from PGP.com because its signature file has a dead or revoked key and the PGP keyserver isn't very responsive. I'm beginning to think that PGP itself is a honeypot. So my trust of hash functions has come pretty much down to MD5. But even so, since I use SlavaSoft's HashCalc, I had some interest in SHA1 since its result is a little bit longer. (This, by the way, made me think about whether or not that's what Google or other websites use to make an ID cookie...) Either way, it appears that it's now broken. This means work for security guys everywhere. Flight to quality. Must be nice.

In English from Frobnicator:

Yes, they found a way to break the hash function. But as the parent said, it does not mean it's suddenly invalid. Sure, the group found a way to break the algorithm, but look at the numbers. According to TFA a collision can be found in about 2**69 hash operations. That's 590295810358705651712 attempts before they can find a match, as opposed to the 2**80 (1208925819614629174706176) that was expected before the paper. While the paper means it is orders of magnitude less work, it still means a lot of work for the attacker.

Let's look at two relevant examples: disc images and passwords. Let's say I have an ISO disk image. I hack it, and want to modify some of the 'junk' bits using their algorithm. I'd still need to perform 590295810358705651712 hash operations on that image. Computing the hash of a disc is a slow operation. That's not something I could do in a day, week, or even a few months. Perhaps if I had a massively parallel computer available, I could do it, but not as an individual.

For a password, hopefully your system would lock the account long before there are that many failed login attempts. However, if your attacker has that kind of resources, you can assume it is feasible for them to find a hash collision. That's really only significant for governments, multi-national organizations, and other major enterprises, but not for most people.

So down here on earth, it's not a big deal, especially for those of us who don't shred all our trash.
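Since the post is about using cfv and HashCalc to build a "tripwire" of changed files, here is an added example of what that looks like in a few lines of Python. This is not code from the post, from cfv or from HashCalc, and the names (digest_file, build_manifest, compare_manifests, collision_work_years, the sample tree in run_demo) are all mine. It hashes everything under a directory, saves a manifest, re-hashes later and reports what was added, removed or modified. It defaults to SHA-256: an integrity manifest is a second-preimage setting (the attacker has to match a hash that already exists), which the collision result quoted above does not directly attack, but there is no reason to keep building new tools on SHA-1 or MD5. The last function turns the 2**69 figure from the comment into wall-clock years at whatever hash rate you assume.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Added example, not code from the post or from cfv/HashCalc. A tripwire-style
# baseline: hash every file under a root, save the manifest, re-hash later and
# report what changed. Defaults to SHA-256 rather than SHA-1 or MD5.
# Assumption: Python 3 with the standard library only.


def digest_bytes(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of an in-memory buffer with any hashlib algorithm."""
    return hashlib.new(algo, data).hexdigest()


def digest_file(path, algo: str = "sha256", chunk: int = 1 << 16) -> str:
    """Hex digest of a file, read in chunks so a whole ISO image need not fit in RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root, algo: str = "sha256") -> dict:
    """Map of relative POSIX path -> digest for every regular file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): digest_file(p, algo)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def save_manifest(manifest: dict, path) -> None:
    """Persist the baseline as JSON so tomorrow's scan can be compared against it."""
    Path(path).write_text(json.dumps(manifest, indent=1, sort_keys=True))


def load_manifest(path) -> dict:
    return json.loads(Path(path).read_text())


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Daily report: files that appeared, vanished, or no longer hash the same."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(k for k in old & new if baseline[k] != current[k]),
    }


def collision_work_years(log2_ops: float, hashes_per_second: float) -> float:
    """Wall-clock years to finish 2**log2_ops hash operations at a given rate.

    2**69 is the figure quoted in the comment above; the rate is an assumption
    supplied by the caller, since the post gives none.
    """
    return 2.0 ** log2_ops / hashes_per_second / (365.25 * 24 * 3600)


def run_demo() -> dict:
    """Constructed sample tree: take a baseline, tamper with it, diff the two."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        root = tmp / "tree"
        (root / "bin").mkdir(parents=True)
        (root / "etc").mkdir()
        (root / "bin" / "cfv.exe").write_bytes(b"MZ original binary")  # constructed
        (root / "etc" / "config.ini").write_text("verbose=1\n")         # constructed
        save_manifest(build_manifest(root), tmp / "baseline.json")
        baseline = load_manifest(tmp / "baseline.json")
        # Simulated tampering: one modified file, one new file, one deleted file.
        (root / "bin" / "cfv.exe").write_bytes(b"MZ trojaned binary")
        (root / "etc" / "extra.ini").write_text("x=1\n")
        (root / "etc" / "config.ini").unlink()
        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=1))
    print("2**69 hash ops at 1e9/s: %.0f years" % collision_work_years(69, 1e9))
```

Run it on a real directory by calling build_manifest and save_manifest once, then compare_manifests(load_manifest(...), build_manifest(...)) on a schedule; the manifest file itself belongs outside the scanned tree, and on a machine you suspect of being compromised the baseline should also live somewhere the attacker can't rewrite it, or the report is only as trustworthy as the box producing it.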

Posted by mbowen at February 16, 2005 02:33 PM
