SHA-1 Broken!

16 02 2005

Bruce Schneier is reporting that SHA-1 has been broken!

SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.

A team from China,

Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results:

has broken the SHA-1 hash algorithm. Time for a new hash again 😦

It pretty much puts a bullet into SHA-1 as a hash function for digital signatures

SHA-1 is the hash function used by .NET to sign assemblies.  Will MS come up with an alternative soon?  I hope so, or the trusting computing initiative takes a pretty strong hit.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: