[funsec] another one bites the dust (SHA-1)

Blue Boar BlueBoar at thievco.com
Wed Mar 21 10:34:29 CDT 2007


Gadi Evron wrote:
> http://en.epochtimes.com/tools/printer.asp?id=50336

Not a very good article on the topic, which is something like a year old
now.

SHA-1 isn't nearly as broken as MD5, so far. The US Government was
scheduled to replace SHA-1 even before she came up with the better attack.

As I recall, the current best attack is something like a two chosen
plaintext birthday collision attack, with around 67 bits of brute force.
Ideal strength would be 80 bits.

So, I would call SHA-1 "breaking", but not "broken".

						BB


More information about the funsec mailing list