Popular Cryptographic Hash Function Possibly Broken

from the uh-oh dept

Last summer, there were rumors swirling that some researchers had figured out how to break SHA-1, a widely-used cryptographic hash function. While it wasn’t quite what was advertised, it was clear that some researchers were getting closer, and now Bruce Schneier is reporting that SHA-1 has been broken. If true, then it could require quite a bit of effort to change old systems that rely on it, and could present quite a bit of pain for certain companies.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Popular Cryptographic Hash Function Possibly Broken”

Subscribe: RSS Leave a comment
RMD265 is good enough for me (user link) says:

Chinese cryptographers

The authors of the latest paper are for the most part the same team from Shandong University who wrote the papers on hash collisions from this past August.
Previously only the expected collision issue in SHA-0 was confirmed (along with MD4, MD5, and the original RIPEMD), this new paper appears to actually demonstrate fatal flaws in SHA-1.

Anonymous Coward says:

Re: Re: Chinese cryptographers

MD5 isn’t so much broken as flawed for some purposes. SHA-1 now shows flaws of its own.

But let’s be clear: both have utility even in their flawed form. MD5 is computationally quick but not tremendously precise; SHA-1 is more precise, but more computationally taxing.

Both are used heavily by backup software makers: see backuppc.sourceforge.net for interesting discussion of the use of MD5 (and work-arounds for its limitations).

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...