[funsec] another one bites the dust (SHA-1)
BlueBoar at thievco.com
Wed Mar 21 10:34:29 CDT 2007
Gadi Evron wrote:
Not a very good article on the topic, which is something like a year old
SHA-1 isn't nearly as broken as MD5, so far. The US Government was
scheduled to replace SHA-1 even before she came up with the better attack.
As I recall, the current best attack is something like a two chosen
plaintext birthday collision attack, with around 67 bits of brute force.
Ideal strength would be 80 bits.
So, I would call SHA-1 "breaking", but not "broken".
More information about the funsec