SHA-1 broken! MD5 is next...
I was catching up on my SC Magazine reading (been falling behind. Why do I subscribe to it anyway?) when I read something damn interesting. A team of Chinese cryptographers broke SHA-1 via brute force? It was supposed to be mathematically impossible to break SHA-1 (2^80 computations or 1 million million million million) with current or any future technology.
However, this team managed to figure out a "collision" in 2^33 computations (about 9 billion computations only!) What is a collision? Ok basically a hash is used to generate a "short form" of something eg an email or credit card number. Ideally this hash is unique, meaning 2 emails cannot create the same hash. Of coz this is ideally... but if u heng suay then it's possible to get 2 identical hashes. If 2 different things get the same hash, it's a "collision".
What's even more interesting is that MD5 is considered weaker than SHA-1. MD5 is this team's next target. Seems like the cryptographic world is seeing a shakeup and revamp, starting with AES and now a new hash?
Guess it's time systems stop using SHA-1 and move to SHA-256 and SHA-512. Too bad I didn't read of this sooner.
However, this team managed to figure out a "collision" in 2^33 computations (about 9 billion computations only!) What is a collision? Ok basically a hash is used to generate a "short form" of something eg an email or credit card number. Ideally this hash is unique, meaning 2 emails cannot create the same hash. Of coz this is ideally... but if u heng suay then it's possible to get 2 identical hashes. If 2 different things get the same hash, it's a "collision".
What's even more interesting is that MD5 is considered weaker than SHA-1. MD5 is this team's next target. Seems like the cryptographic world is seeing a shakeup and revamp, starting with AES and now a new hash?
Guess it's time systems stop using SHA-1 and move to SHA-256 and SHA-512. Too bad I didn't read of this sooner.
posted by Beng Hacks at 7:44 PM
0 comments
