SHA
SHA-1 Broken
SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.
The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results:
- collisions in the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length.
- collisions in SHA-0 in 2**39 operations.
- collisions in 58-round SHA-1 in 2**33 operations.
This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn’t affect applications such as HMAC where collisions aren’t important).
The paper isn’t generally available yet. At this point I can’t tell if the attack is real, but the paper looks good and this is a reputable research team.
More details when I have them.
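A research team drawn from Shandong University, the Chinese Academy of Sciences and Shanghai Jiao Tong University recently demonstrated that the SHA-1 algorithm, which is used to produce digital signatures, is not unbreakable and can be broken by computation on supercomputers.
Cryptography expert Bruce Schneier noted on his weblog: "This research result builds on earlier research on the SHA-0 and SHA-1 algorithms, but what has been achieved this time is a very significant result. It shakes SHA-1's standing as the principal algorithm for generating digital signatures."
It was generally believed that breaking SHA-1 requires 2 to the 80th power operations. The Chinese team showed that 2 to the 69th power operations are enough. That is still an enormous amount of computation, but existing supercomputers are capable of it.
The researchers who broke SHA-1, Xiaoyun Wang, Yiqun Lisa Yin and Hongbo Yu, also published a paper last year discussing methods for breaking other well-known algorithms, including MD4, MD5, HAVAL and RIPEMD.
(Background: SHA-1 has been certified by the US National Institute of Standards and Technology (NIST), and is the only signature algorithm approved for use in the US government's "Digital Signature Standard". SHA-1 produces a 160-bit value, longer than the 128 bits produced by MD5, and is therefore regarded as more secure.)
PS: Xiaoyun Wang was already well known in the security community for publishing an algorithm that quickly finds MD5 collisions. With her method, an ordinary present-day computer can obtain a pair of colliding MD5 strings every few hours.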
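The 2**80 brute-force figure quoted above is the generic birthday bound for a 160-bit digest: about 2**(n/2) hashes for n bits. The following added example (not from the original post or from the researchers' paper; the function names and the sample message prefix are assumptions) runs that generic search against SHA-1 truncated to a few bits, so the 2**(n/2) cost is visible, and computes how far the reported 2**69 result falls below it. It does not implement the Wang/Yin/Yu attack.

```python
import hashlib

def truncated_sha1(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-1(data) as an integer (a deliberately weakened toy digest)."""
    full = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return full >> (160 - bits)

def birthday_collision(bits: int, prefix: bytes = b"constructed-sample-"):
    """Generic collision search: hash distinct messages until two share a
    truncated digest. Returns (msg_a, msg_b, hashes_computed)."""
    seen = {}          # truncated digest -> first message that produced it
    hashes = 0
    while True:
        msg = prefix + str(hashes).encode()   # constructed, distinct inputs
        tag = truncated_sha1(msg, bits)
        hashes += 1
        if tag in seen:
            return seen[tag], msg, hashes
        seen[tag] = msg

def generic_collision_cost_log2(digest_bits: int) -> int:
    """log2 of the birthday bound: about 2**(n/2) hashes for an n-bit digest."""
    return digest_bits // 2

def speedup_over_generic(digest_bits: int, attack_log2: int) -> int:
    """How many times cheaper an attack is than the generic bound."""
    return 2 ** (generic_collision_cost_log2(digest_bits) - attack_log2)

if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, n = birthday_collision(bits)
        print(f"{bits}-bit truncation: collision after {n} hashes "
              f"(2**{bits // 2} = {2 ** (bits // 2)}): {a!r} vs {b!r}")
    print("full SHA-1 generic bound: 2**%d" % generic_collision_cost_log2(160))
    print("reported 2**69 attack is %dx cheaper" % speedup_over_generic(160, 69))
```

The search cost tracks 2**(n/2), not 2**n, which is why a 160-bit hash offers 80 bits of collision resistance at best.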