SHA-1 Collisions for Meaningful Messages

mrogers writes "Following on the heels of last year's collision search attack against SHA-1, researchers at the Crypto 2006 conference have announced a new attack that allows the attacker to choose part of the colliding messages. "Using the new method, it is possible, for example, to produce two HTML documents with a long nonsense part after the closing </html> tag, which, despite slight differences in the HTML part, thanks to the adapted appendage have the same hash value." A similar attack against MD5 was announced last year."
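A defensive check for the document shape described in the summary above, given as an added example that is not part of the original post: before relying on an HTML file's SHA-1, flag any data that follows the last closing `</html>` tag and measure how random it looks. The function names, the 64-byte minimum and the 6.0 bits-per-byte threshold are assumptions chosen for illustration, and the sample documents are constructed.

```python
import math
import re
from collections import Counter

# Closing </html> tag, case-insensitive, tolerating whitespace before '>'.
_CLOSE_HTML = re.compile(rb"</html\s*>", re.IGNORECASE)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8 for random-looking data, lower for markup or text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def trailing_appendage(doc: bytes) -> bytes:
    """Bytes after the last </html>, with surrounding ASCII whitespace ignored."""
    matches = list(_CLOSE_HTML.finditer(doc))
    if not matches:
        return b""
    return doc[matches[-1].end():].strip()


def audit_html(doc: bytes, max_trailing: int = 0, entropy_limit: float = 6.0) -> dict:
    """Report on data appended after the document; thresholds are illustrative."""
    tail = trailing_appendage(doc)
    entropy = shannon_entropy(tail)
    return {
        "trailing_bytes": len(tail),
        "entropy": round(entropy, 2),
        # Any non-whitespace data after </html> is worth a second look.
        "suspicious": len(tail) > max_trailing,
        # A long, high-entropy tail matches the "long nonsense part" in the summary.
        "random_looking": len(tail) >= 64 and entropy > entropy_limit,
    }


# Constructed samples: a clean page, and the same page with 512 filler bytes
# standing in for an appendage (not real collision data).
CLEAN = b"<html><body>Pay 10 EUR</body></html>\n"
PADDED = CLEAN + bytes(range(256)) * 2

if __name__ == "__main__":
    print(audit_html(CLEAN))
    print(audit_html(PADDED))
```

This only flags the document shape the summary describes; it says nothing about whether two given files actually collide.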
  • by Apage43 ( 708800 ) on Sunday August 27, 2006 @10:12AM (#15989328) Homepage
    Where's the "Correct filesize" kept? If it's stored in the document, it's still possible (Though more difficult) to change it and make a collision.
  • This is a big deal (Score:5, Insightful)

    by gweihir ( 88907 ) on Sunday August 27, 2006 @10:12AM (#15989331)
    One thing is that cryptographic hash functions should be easier to make secure than ciphers. At least that is what many cryptographers thought. The other is that up to now you could rely on SHA-1 to be collision resistant, no matter what. The argument that you have a large part of the message being "garbage" does not give any real security. Many, many applications can still be attacked, and they need not even be broken for that.

    While expected since last year, selecting and using crypto-hashes just got a lot more difficult and error prone.
  • by Anonymous Coward on Sunday August 27, 2006 @10:25AM (#15989370)
    One thing is that cryptographic hash functions should be easier to make secure than ciphers.

    How so? By default, a hash is breakable since it's reducing the infinite input into a finite output. Ciphers do not.
  • by kassemi ( 872456 ) on Sunday August 27, 2006 @10:31AM (#15989391) Homepage

    Whirlpool [terra.com.br] is a good choice these days. It's longer than most of the hashes out there, but I don't believe there have been any attacks yet demonstrated against it.

    For those pythoners out there I wrote a quick wrapper for it [kepty.com] that should get you started. Excuse any site errors and just hit refresh.

  • by Xugumad ( 39311 ) on Sunday August 27, 2006 @10:38AM (#15989413)
    I have to say, trusting SHA-1 to do what it says on the tin is not incompetent. Naive, sure, but not incompetent.
  • by shokk ( 187512 ) <ernieoporto.yahoo@com> on Sunday August 27, 2006 @11:28AM (#15989602) Homepage Journal
    The problem is that your old keys and the messages they encrypted are available for cracking now and forever. Most people only encrypt important messages, which are easy to look for in a mailbox, and at a later time could be easy to crack. There's probably even a good chance the data in that mail could still be important.

    Now, if all emails were encrypted, it would be harder to immediately see what messages in a mailbox deserve your attention. But then at a later date CPU speed may make that a negligible difference.
  • by Anonymous Coward on Sunday August 27, 2006 @12:46PM (#15989947)
    Even if you find that set, you haven't overcome the hardest part: making it real malicious code. Because, well, it's hell to do a SHA-1 collision, and it's even more of a hell to do it with code meant to do anything usable and not just random crap.
  • by FLEB ( 312391 ) on Sunday August 27, 2006 @01:18PM (#15990066) Homepage Journal
    In cases of verification (rather than security) isn't more specificity better? I'd agree that double-hashing something like a secret password causes a loss of security, but if you're double-hashing a file to verify its contents, more specificity means it's harder to get a match by garbage-packing.

    I really am asking-- I'm not all that up on the guts-and-wherefores of encryption/hashing, and I've wondered about this question as well.
  • easy tiger... (Score:3, Insightful)

    by Anonymous Coward on Sunday August 27, 2006 @08:50PM (#15991546)
    I think the key point is this:

    No SHA1 collisions have ever been published

    whether or not they have been found is a different matter entirely.
