id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
11167	migrate sha-1 to sha-2	ubuntu_demon	nobody	"I believe it's time to migrate from sha-1 to sha-2. 

Motivation:

from http://csrc.nist.gov/groups/ST/hash/policy.html :

""
NIST's Policy on Hash Functions

March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all applications using secure hash algorithms. Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010. After 2010, Federal agencies may use SHA-1 only for the following applications: hash-based message authentication codes (HMACs); key derivation functions (KDFs); and random number generators (RNGs). Regardless of use, NIST encourages application and protocol designers to use the SHA-2 family of hash functions for all new applications and protocols.""

from http://en.wikipedia.org/wiki/Sha-1#SHA-1 :

""
In February 2005, an attack by Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu was announced.[15] The attacks can find collisions in the full version of SHA-1, requiring fewer than 2**69 operations. (A brute-force search would require 2**80 operations.)
........
Cameron McDonald, Philip Hawkes and Josef Pieprzyk presented a hash collision attack with complexity 2**52 at the Rump session of Eurocrypt 2009""

From http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html :

""But there's an old saying inside the NSA: ""Attacks always get better; they never get worse."" Just as this week's attack builds on other papers describing attacks against simplified versions of SHA-1, SHA-0, MD4, and MD5, other researchers will build on this result. The attack against SHA-1 will continue to improve, as others read about it and develop faster tricks, optimizations, etc. And Moore's Law will continue to march forward, making even the existing attack faster and more affordable.""

I believe it's just a matter of time (years?) for an attack to be announced which finds collisions in SHA-1 in 2**39 operations (the current state of SHA-0).

"		closed	Uncategorized	1.0		duplicate			Unreviewed	0	0	0	0	0	0
