<< Deja Demo  |  Showtime Experiments With Streaming Shows >>

(Mis)Uses of Technology

(Mis)Uses of Technology

by Mike Masnick

Tue, Feb 15th 2005 10:14pm

Share This




Popular Cryptographic Hash Function Possibly Broken

from the uh-oh dept

Last summer, there were rumors swirling that some researchers had figured out how to break SHA-1, a widely-used cryptographic hash function. While it wasn't quite what was advertised, it was clear that some researchers were getting closer, and now Bruce Schneier is reporting that SHA-1 has been broken. If true, then it could require quite a bit of effort to change old systems that rely on it, and could present quite a bit of pain for certain companies.

3 Comments | Leave a Comment..

 
 

Reader Comments

(Flattened / Threaded)

    Feb 16th, 2005 @ 1:28am

  • Chinese cryptographers

    by RMD265 is good enough for me

    The authors of the latest paper are for the most part the same team from Shandong University who wrote the papers on hash collisions from this past August.
    Previously only the expected collision issue in SHA-0 was confirmed (along with MD4, MD5, and the original RIPEMD), this new paper appears to actually demonstrate fatal flaws in SHA-1.

    (reply to this comment) (link to this comment)

      • Feb 16th, 2005 @ 5:21am

    • Re: Chinese cryptographers

      by nonuser

      So MD5 is broken as well? I think those are the two choices offered by Microsoft's code signing tools last time I checked.

      (reply to this comment) (link to this comment)

        • Feb 16th, 2005 @ 10:18am

      • Re: Chinese cryptographers

        by Anonymous Coward

        MD5 isn't so much broken as flawed for some purposes. SHA-1 now shows flaws of its own.

        But let's be clear: both have utility even in their flawed form. MD5 is computationally quick but not tremendously precise; SHA-1 is more precise, but more computationally taxing.

        Both are used heavily by backup software makers: see backuppc.sourceforge.net for interesting discussion of the use of MD5 (and work-arounds for its limitations).

        (reply to this comment) (link to this comment)

Add Your Comment

Have a Techdirt Account? Sign in now.
Get Techdirt’s Daily Email
Plain Text HTML
Save me a cookie
  • Plain Text: A CRLF will be replaced by break <br> tag, all other allowable HTML is intact
  • HTML: No formatting of any kind is done without explicitly being written in
  • Allowed HTML Tags: <b> <i> <p> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Close
Have a Techdirt Account? Sign in now.
Get Techdirt’s Daily Email
Plain Text HTML Save me a cookie

<< Deja Demo  |  Showtime Experiments With Streaming Shows >>

Search Techdirt
And now, a word from our Sponsors..
San Francisco Music Tech 2009
15% off discount for Techdirt Readers



Subscribe to Techdirt's Daily Email Newsletter

Techdirt's Daily Email Newsletter

Related Stories

Google Blocking Set Top Boxes From Showing YouTube Unless They Pay Up? (43)

Netherlands The Latest To Propose Mileage Tax That Requires GPS For Tracking Driving (30)

Don't Post Comments On StlToday.com Or They Might Tell Your Boss (45)

Brazilian Hacking Attempts Fail To Break Brazilian E-Voting, But Do Improve The Process (16)

FreeCreditReport Wins Over 1,000 Domain Names In Dispute Process (27)

Close
E-mail It