Mailinglist Archive: opensuse-security (256 mails)

< Previous Next >
SHA-1 broken - who cares?
  • From: SkyFlash <webmaster@xxxxxxxxxxxx>
  • Date: Mon, 21 Feb 2005 00:18:31 +0100
  • Message-id: <42191AC7.6020802@xxxxxxxxxxxx>
A second application of hashing is passwordencryption. You don't get
the password, if you hack a shadow-file, you get the hash-value of a
password. This is not the same than the password for itself.

This doesn't mean you are not safe anymore. But it is not more that
hard to get the sha1-value (2^64 = 1'844'674'074'000'000'000). A next
comparison would be key-lenght vs. encryption algorith (e.g.: twofish
or blowfish is not that secure than md5). There you see some
algorithms are more fast or slower and the faster are more insecure
than the slower ones.

I think mostly high secure applications should be concerned about that.

Reguards

Philippe


1. If you have the collision for a password hash you don't need the real password anymore, cause the collision will give you access as well.

2. The collision issue is only really relevant for password encryption, for the above reason. You won't be able to create a meaningfull collision, just SOME collision.

3. Compared to the risk of people creating and owning 100 GB rainbow tables of all SHA-1 hashes from 1-10 chars and offering password cracks online via web interface, the risk of one of those new found SHA-1 collisions threatening your security is negligable.

4. If your information is worth attacking, it may be worth protecting. But, is it really? I know that I have nothing in my possession that may make someone bruteforce 2^69 SHA-1 hashes to get to it. You may have something... but not everyone does.

Ralf


< Previous Next >
Follow Ups