Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Niidae Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
SHA-1
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===SHA-0=== At [[CRYPTO (conference)|CRYPTO]] 98, two French researchers, [[Florent Chabaud]] and [[Antoine Joux]], presented an attack on SHA-0: [[hash collision|collisions]] can be found with complexity 2<sup>61</sup>, fewer than the 2<sup>80</sup> for an ideal hash function of the same size.<ref name="sha0-chabaud">{{Cite book|chapter-url=https://link.springer.com/chapter/10.1007/BFb0055720|chapter=Differential collisions in SHA-0|first1=Florent|last1=Chabaud|first2=Antoine|last2=Joux|title=Advances in Cryptology β CRYPTO '98 |series=Lecture Notes in Computer Science |editor-first=Hugo|editor-last=Krawczyk|date=October 3, 1998|volume=1462 |publisher=Springer|pages=56β71|via=Springer Link|doi=10.1007/BFb0055720|isbn=978-3-540-64892-5 }}</ref> In 2004, [[Eli Biham|Biham]] and Chen found near-collisions for SHA-0 β two messages that hash to nearly the same value; in this case, 142 out of the 160 bits are equal. They also found full collisions of SHA-0 reduced to 62 out of its 80 rounds.<ref>{{Cite web|url=https://www.iacr.org/archive/crypto2004/31520290/biham-chen-sha0-proc-real-one.pdf|title=Near-Collisions of SHA-0|last1=Biham|first1=Eli|last2=Chen|first2=Rafi}}</ref> Subsequently, on 12 August 2004, a collision for the full SHA-0 algorithm was announced by Joux, Carribault, Lemuet, and Jalby. This was done by using a generalization of the Chabaud and Joux attack. Finding the collision had complexity 2<sup>51</sup> and took about 80,000 processor-hours on a [[supercomputer]] with 256 [[Itanium 2]] processors (equivalent to 13 days of full-time use of the computer). On 17 August 2004, at the Rump Session of CRYPTO 2004, preliminary results were announced by [[Xiaoyun Wang|Wang]], Feng, Lai, and Yu, about an attack on [[MD5]], SHA-0 and other hash functions. The complexity of their attack on SHA-0 is 2<sup>40</sup>, significantly better than the attack by Joux ''et al.''<ref>{{cite web|url=http://www.freedom-to-tinker.com/archives/000664.html|title=Report from Crypto 2004|url-status=dead|archive-url=https://web.archive.org/web/20040821031401/http://www.freedom-to-tinker.com/archives/000664.html|archive-date=2004-08-21|access-date=2004-08-23}}</ref><ref>{{Cite newsgroup|first=Francois |last=Grieu|newsgroup=sci.crypt|title=Re: Any advance news from the crypto rump session?|date=18 August 2004 |time=05:06:02 +0200|message-id=fgrieu-05A994.05060218082004@individual.net}}</ref> In February 2005, an attack by [[Xiaoyun Wang]], [[Yiqun Lisa Yin]], and Hongbo Yu was announced which could find collisions in SHA-0 in 2<sup>39</sup> operations.<ref name="autogenerated1">{{Cite web |title=SHA-1 Broken β Schneier on Security |url=https://www.schneier.com/blog/archives/2005/02/sha1_broken.html |website=www.schneier.com}}</ref><ref>[http://www.infosec.sdu.edu.cn/paper/sha0-crypto-author-new.pdf Efficient Collision Search Attacks on SHA-0] {{webarchive|url=https://web.archive.org/web/20050910132832/http://www.infosec.sdu.edu.cn/paper/sha0-crypto-author-new.pdf |date=2005-09-10 }}, [[Shandong University]]</ref> Another attack in 2008 applying the [[boomerang attack]] brought the complexity of finding collisions down to 2<sup>33.6</sup>, which was estimated to take 1 hour on an average PC from the year 2008.<ref>{{Cite conference|first1=StΓ©phane |volume=5086|pages=16β35|last1=Manuel|first2=Thomas |last2=Peyrin |date=2008-02-11 |url= https://link.springer.com/content/pdf/10.1007%2F978-3-540-71039-4_2.pdf |title=Collisions on SHA-0 in One Hour |conference=Fast Software Encryption 2008 |doi=10.1007/978-3-540-71039-4_2|series=Lecture Notes in Computer Science|isbn=978-3-540-71038-7|doi-access=free }}</ref> In light of the results for SHA-0, some experts{{who|date=September 2015}} suggested that plans for the use of SHA-1 in new [[cryptosystem]]s should be reconsidered. After the CRYPTO 2004 results were published, NIST announced that they planned to phase out the use of SHA-1 by 2010 in favor of the SHA-2 variants.<ref>{{Cite web |url=https://csrc.nist.gov/News/2004/NIST-Brief-Comments-on-Recent-Cryptanalytic-Attack |title= NIST Brief Comments on Recent Cryptanalytic Attacks on Secure Hashing Functions and the Continued Security Provided by SHA-1 |date= 23 August 2017 |access-date=2022-03-16 }}</ref>
Summary:
Please note that all contributions to Niidae Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Encyclopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
SHA-1
(section)
Add topic
