Viewing Single Post From: Sha-1 - Compromised Security
Donald
Elite member
Thank you for the article! Folks on Sci.Crypt have been suggesting that everyone move away from MD5 and SHA-1 for a while now. As the article points out, MD5 is truly compromised and SHA-1 is on the way down. (Attacks always get better, never worse.)
"cows"
 
then we may be hitting the fan and all our secrets may not be secret at all.

Don't Panic. :) Yes, SHA-1 being broken is a bad thing, but it will not cause all secrets to be revealed. For example, if you use SHA-1 (or even MD5) to convert a text passphrase into a secure key, the hash being broken will not do much to weaken the strength of your key. The ability to find collisions does not allow anyone to guess either your key or your passphrase.

The big thing that broken hashes really threaten is message authentication. If you are signing encrypted messages with an MD5 hash, it is now within the realm of reason that someone could modify the message in a way that would "collide" with the original. In other words, the message would now say something different, but the hash would still be the same.

This is, indeed, a bad thing, but it does NOT mean that hackers will be reading all your old encrypted files. And of course, the solution is easy: just switch to SHA-256. :)

Donald
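
The distinction drawn in the post above, as an added example that is not part of the original post: on a toy 20-bit hash (SHA-256 truncated, an assumption chosen so the searches finish in seconds), a collision between two arbitrary messages takes on the order of 2^10 tries, while matching one specific digest, such as a passphrase-derived key, takes on the order of 2^20. The function names and sample passphrase are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 20  # toy digest size (assumption); real hashes use 128 bits or more

def toy_hash(data: bytes) -> int:
    """SHA-256 truncated to BITS bits, standing in for a weak hash."""
    full = int.from_bytes(hashlib.sha256(data).digest()[:3], "big")
    return full >> (24 - BITS)

def find_collision():
    """Birthday search: ANY two distinct inputs sharing a digest.
    This is what threatens signatures over a hash of the message."""
    seen = {}
    for i in count():
        msg = b"msg-%d" % i
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg

def find_preimage(target: int, limit: int):
    """Search for an input matching ONE specific digest.
    Recovering a hash-derived key needs at least this much work, and in
    practice the target (the key itself) is not even known to the searcher."""
    for i in range(limit):
        guess = b"guess-%d" % i
        if toy_hash(guess) == target:
            return guess, i + 1
    return None, limit

if __name__ == "__main__":
    a, b, c_tries = find_collision()
    print(f"collision after {c_tries} tries: {a!r} / {b!r}")

    key = toy_hash(b"correct horse battery staple")  # constructed passphrase
    # Same budget the collision needed: almost never enough for a preimage.
    _, spent = find_preimage(key, c_tries)
    print(f"preimage with the same budget ({spent} tries): not expected")

    guess, p_tries = find_preimage(key, 2 ** (BITS + 4))
    print(f"preimage after {p_tries} tries: {guess!r}")
```

Even when a matching input is found, it is just some input with the same toy digest, not the original passphrase.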