SHA Cryptanalysis Paper Online
In February, I wrote about a group of Chinese researchers who broke the SHA-1 hash function. That posting was based on short notice from the researchers. Since then, many people have written me asking about the research and the actual paper, some questioning the validity of the research because of the lack of documentation.
The paper did exist; I saw a copy. They will present it at the Crypto conference in August. I believe they didn’t post it because Crypto requires that submitted papers not be previously published, and they misunderstood that to mean that it couldn’t be widely distributed in any way.
Now there’s a copy of the paper on the web. You can read “Finding Collisions in the Full SHA-1,” by Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu, here.
Josh Berry • June 24, 2005 2:04 PM
What are the implications of this attack?
I poked at the paper, and I really don’t understand the math behind it. But from what I gathered in the introduction, it seems like creating a collision for a SHA-1 hash still requires a large amount of computational power.
Is this something we (“we” meaning normal sysadmin-like people 😉 ) should be concerned about, practically, if we use SHA1 for password verification or something similar?