Popular Cryptographic Hash Function Possibly Broken

from the uh-oh dept

Last summer, there were rumors swirling that some researchers had figured out how to break SHA-1, a widely-used cryptographic hash function. While it wasn't quite what was advertised, it was clear that some researchers were getting closer, and now Bruce Schneier is reporting that SHA-1 has been broken. If true, then it could require quite a bit of effort to change old systems that rely on it, and could present quite a bit of pain for certain companies.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    RMD265 is good enough for me, 16 Feb 2005 @ 1:28am

    Chinese cryptographers

    The authors of the latest paper are for the most part the same team from Shandong University who wrote the papers on hash collisions from this past August.
    Previously only the expected collision issue in SHA-0 was confirmed (along with MD4, MD5, and the original RIPEMD), this new paper appears to actually demonstrate fatal flaws in SHA-1.

    link to this | view in thread ]

  2. identicon
    nonuser, 16 Feb 2005 @ 5:21am

    Re: Chinese cryptographers

    So MD5 is broken as well? I think those are the two choices offered by Microsoft's code signing tools last time I checked.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 16 Feb 2005 @ 10:18am

    Re: Chinese cryptographers

    MD5 isn't so much broken as flawed for some purposes. SHA-1 now shows flaws of its own.

    But let's be clear: both have utility even in their flawed form. MD5 is computationally quick but not tremendously precise; SHA-1 is more precise, but more computationally taxing.

    Both are used heavily by backup software makers: see backuppc.sourceforge.net for interesting discussion of the use of MD5 (and work-arounds for its limitations).

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.