Opened 6 years ago

Closed 6 years ago

#11167 closed (duplicate)

migrate sha-1 to sha-2

Reported by: ubuntu_demon Owned by: nobody
Component: Uncategorized Version: 1.0
Severity: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

I believe it's time to migrate from sha-1 to sha-2.

Motivation :

from http://csrc.nist.gov/groups/ST/hash/policy.html :

"
NIST's Policy on Hash Functions

March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all applications using secure hash algorithms. Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010. After 2010, Federal agencies may use SHA-1 only for the following applications: hash-based message authentication codes (HMACs); key derivation functions (KDFs); and random number generators (RNGs). Regardless of use, NIST encourages application and protocol designers to use the SHA-2 family of hash functions for all new applications and protocols."

from http://en.wikipedia.org/wiki/Sha-1#SHA-1 :

"
In February 2005, an attack by Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu was announced.[15] The attacks can find collisions in the full version of SHA-1, requiring fewer than 269 operations. (A brute-force search would require 280 operations.)
........
Cameron McDonald, Philip Hawkes and Josef Pieprzyk presented a hash collision attack with complexity 2
52 at the Rump session of Eurocrypt 2009"

From http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html :

"But there's an old saying inside the NSA: "Attacks always get better; they never get worse." Just as this week's attack builds on other papers describing attacks against simplified versions of SHA-1, SHA-0, MD4, and MD5, other researchers will build on this result. The attack against SHA-1 will continue to improve, as others read about it and develop faster tricks, optimizations, etc. And Moore's Law will continue to march forward, making even the existing attack faster and more affordable."

I believe it's just a matter of time (years?) for an attack to be announced which finds collisions in SHA-1 in 239 operations (the current state of SHA-0).

Change History (1)

comment:1 Changed 6 years ago by ubernostrum

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to duplicate
  • Status changed from new to closed

This is a duplicate of #5600.

Note: See TracTickets for help on using tickets.
Back to Top