SHA-1 Collisions for Meaningful Messages
mrogers writes "Following on the heels of last year's collision search attack against SHA-1, researchers at the Crypto 2006 conference have announced a new attack that allows the attacker to choose part of the colliding messages. "Using the new method, it is possible, for example, to produce two HTML documents with a long nonsense part after the closing </html> tag, which, despite slight differences in the HTML part, thanks to the adapted appendage have the same hash value." A similar attack against MD5 was announced last year."
Re:Quite simple to check file size also (Score:2, Insightful)
This is a big deal (Score:5, Insightful)
While expected since last year, selecting and using crypto-hashes just got a lot more difficult and error prone.
Re:This is a big deal (Score:1, Insightful)
How so? By default, a hash is breakable since it's reducing the infinite input into a finite output. Ciphers do not.
Re:This is a big deal (Score:3, Insightful)
Whirlpool [terra.com.br] is a good choice these days. It's longer than most of the hashes out there, but I don't believe there have been any attacks yet demonstrated against it.
For those pythoners out there, I wrote a quick wrapper for it [kepty.com] that should get you started. Excuse any site errors and just hit refresh.
Re:Quite simple to check file size also (Score:3, Insightful)
Re:Not like if it was AES (Score:4, Insightful)
Now, if all emails were encrypted, it would be harder to immediately see what messages in a mailbox deserve your attention. But then at a later date CPU speed may make that a negligible difference.
Re:multiple hashes MD5 and SHA-1 (Score:1, Insightful)
Re:How about this combination: (Score:2, Insightful)
I really am asking-- I'm not all that up on the guts-and-wherefores of encryption/hashing, and I've wondered about this question as well.
easy tiger... (Score:3, Insightful)
No SHA1 collisions have ever been published.
Whether or not they have been found is a different matter entirely.