Mailinglist Archive: opensuse-security (256 mails)

Re: [suse-security] SHA-1 broken - impact on SuSE linux versions
  • From: Philippe Vogel <filiaap@xxxxxxxxxx>
  • Date: Sun, 20 Feb 2005 22:44:54 +0100
  • Message-id: <421904D6.7010308@xxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Malte Gell wrote:

| On Sunday 20 February 2005 11:37, Kai Schaetzl wrote:
|
|> Polarizer wrote on Wed, 16 Feb 2005 13:31:49 +0100:
|>
|>> Broken is broken
|>
|> It's not broken.
|
|
| It IS broken, because the effort of finding a collision now is
| below the effort of using brute force, 2^64 vs 2^80. The same
| applies to a cipher, if the effort to find a key is below brute
| force it is broken, it's that simple. How feasible a real world
| attack is, is something different, but for a cryptographer SHA-1 is
| broken.
|
| Malte

O.K. a 2^64 key is more insecure than a 2^80 long key, but try to
break it. The next step is to find the collision. If you had any
mathematical knowledge or some courses in encryption you would know
that this is not that easy. The issue is a mathematical instability in
the sha1 algorithm. Normally I use md5.

SHA1 is normally used for file integrity (afaik with ssh), so maybe Mr.
Evil could hack a signed package and use this technique to break the
integrity of a signed file.

O.K. this is security related, but it still takes a strong effort to
break keys. Next thing is sha1 is a hashing algorithm and not an encryption
algorithm. What does this mean? A calculation of the content of a
file is made and gets extracted to a file with a content of bytes
comparable to adding digits of a number.

A second application of hashing is password encryption. You don't get
the password if you hack a shadow file; you get the hash value of a
password. This is not the same as the password itself.

This doesn't mean you are not safe anymore. But it is no longer that
hard to get the sha1 value (2^64 = 1'844'674'074'000'000'000). A next
comparison would be key length vs. encryption algorithm (e.g.: twofish
or blowfish is not as secure as md5). There you see some
algorithms are faster or slower and the faster ones are more insecure
than the slower ones.

I think mostly high-security applications should be concerned about that.

Regards

Philippe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----
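
An added illustration, not part of the original message or thread: the 2^80 figure quoted above is the generic birthday-search cost for a 160-bit hash, 2^(n/2). The sketch below truncates SHA-1 to n bits (an assumption made so the searches finish quickly) and measures generic collision search next to generic second-preimage search against one fixed message; all message strings are constructed.

```python
import hashlib
from itertools import count

def truncated_sha1(data: bytes, bits: int) -> int:
    """Return the top `bits` bits of SHA-1(data) as an integer."""
    full = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return full >> (160 - bits)

def birthday_collision(bits: int, label: bytes = b"a"):
    """Generic collision search: hash distinct messages until two agree.

    Returns (msg1, msg2, tries). Expected tries is about 1.25 * 2**(bits/2).
    """
    seen = {}  # truncated hash -> first message that produced it
    for i in count():
        msg = label + b"-%d" % i
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg

def second_preimage(target: bytes, bits: int):
    """Generic second-preimage search against one fixed message.

    Returns (msg, tries). Expected tries is about 2**bits.
    """
    want = truncated_sha1(target, bits)
    for i in count():
        msg = b"forged-%d" % i
        if msg != target and truncated_sha1(msg, bits) == want:
            return msg, i + 1

if __name__ == "__main__":
    # Collision cost grows with 2^(n/2): each 4 extra bits costs ~4x, not 16x.
    for bits in (16, 20, 24):
        tries = [birthday_collision(bits, b"run%d" % r)[2] for r in range(20)]
        avg = sum(tries) / len(tries)
        print(f"{bits}-bit: avg collision tries {avg:.0f}, "
              f"2^(n/2) = {2 ** (bits // 2)}")
    # Matching one given message costs about 2^n tries instead.
    _, t = second_preimage(b"constructed package contents", 16)
    print(f"16-bit second preimage took {t} tries, 2^n = {2 ** 16}")
```

Scaling the same generic search to the full 160 bits gives the 2^80 baseline; a collision attack counts as a break when it needs fewer hash computations than that.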

