SHA1 is broken
https://security.googleblog.com/2017/02 ... ision.html
https://www.reddit.com/r/netsec/comment ... collision/
I create a PDF from the news on googleblog. Just the site goes offline...
Re: SHA1 is broken
Sadly, OpenPGP, iOS and similar software still rely on SHA-1. Those are interesting times for pentesters.
Re: SHA1 is broken
Yeah. Hope they change that then.
Also here a short summary: http://borncity.com/win/2017/02/24/warn ... cessfully/
Re: SHA1 is broken
SHA1 has been known to be weak for pure encryption/signing purposes. This is exactly why SHA1 certificates for secure websites have been phased out.
It is however NOT an issue for other purposes where collisions aren't a concern.
So, for the people who might panic:
SHA1 certificates for encryption shouldn't be used. This has been known for years and the Internet as a whole has migrated to SHA256.
Anyone using PGP for mail encryption should also have long since been migrated to SHA256.
SHA1 as part of an SSL/TLS cipher suite is not a problem, because the hash there is merely the HMAC[1]
[1]
Security
The cryptographic strength of the HMAC depends upon the size of the secret key that is used. The most common attack against HMACs is brute force to uncover the secret key. HMACs are substantially less affected by collisions than their underlying hashing algorithms alone.[6][7][8] Therefore, HMAC-MD5 does not suffer from the same weaknesses that have been found in MD5.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
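The HMAC point in the post above, as an added example that is not part of the original thread: a collision found against a bare hash does not carry over to HMAC built on that hash when the key is secret. It assumes a constructed stand-in for a collision-broken hash (`weak_hash`, SHA-1 truncated to 24 bits) so a collision can be found in milliseconds; all function names and sample messages are hypothetical.

```python
import hashlib
from itertools import count

BLOCK = 64  # HMAC key-padding block size in bytes (SHA-1's block size)

def weak_hash(data: bytes) -> bytes:
    # Constructed stand-in for a collision-broken hash: SHA-1 cut to 24 bits.
    return hashlib.sha1(data).digest()[:3]

def find_collision():
    # Birthday search: two different messages with the same weak_hash value.
    seen = {}
    for i in count():
        msg = b"constructed-message-%d" % i
        digest = weak_hash(msg)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg

def hmac_weak(key: bytes, msg: bytes) -> bytes:
    # HMAC as defined in RFC 2104, built on weak_hash.
    if len(key) > BLOCK:
        key = weak_hash(key)
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return weak_hash(opad + weak_hash(ipad + msg))

def keys_where_tags_collide(m1: bytes, m2: bytes, trials: int = 1000) -> int:
    # Count constructed keys under which the colliding pair also shares a tag.
    hits = 0
    for i in range(trials):
        key = hashlib.sha256(b"constructed-key-%d" % i).digest()
        if hmac_weak(key, m1) == hmac_weak(key, m2):
            hits += 1
    return hits

if __name__ == "__main__":
    m1, m2 = find_collision()
    print("plain hash collides:", weak_hash(m1) == weak_hash(m2))
    print("keys with colliding tags:", keys_where_tags_collide(m1, m2))
```

With a 24-bit tag any two messages share a tag under a given key with probability about 2^-24, so the precomputed collision gives no advantage over guessing.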
Re: SHA1 is broken
I'm inferring from what I read elsewhere as well as MoonChild's post that "sha" (without 256) in the cyphersuite name refers to SHA-1. If all those were bad, we wouldn't have many left. So, yea, thanks Moonchild.
Re: SHA1 is broken
GreenGeek wrote: I'm inferring from what I read elsewhere as well as MoonChild's post that "sha" (without 256) in the cyphersuite name refers to SHA-1. If all those were bad, we wouldn't have many left. So, yea, thanks Moonchild.
SHA without a number in a ciphersuite is indeed SHA-1 HMAC.
Re: SHA1 is broken
dark_moon wrote: I found here a nice overview of hash lifetimes:
http://valerieaurora.org/hash.html
Fantastic link find!
Thanks!