Discussion in 'Chit Chat' started by 3sidedcube, Dec 29, 2015.
sha-1 is now classed as redundant seen as it's nearly cracked so should we trust it any more.
First of all, I'm not sure how anyone can 'crack' a hash function. Yes, hardwares are getting more powerful & we've more sophisticated hash algorithms but finding the domain of collision through probability & designing a rouge payload to design an PoC exploit shouldn't be called 'cracking', IMHO.
Maybe it helps to put it this way: If you can achieve what the hash function is designed to prevent, then it can be considered "cracked".
It is no longer safe.
Crossing the road is not safe either...
Perhaps safe inside Ólafsvík, Vesturland but NY?
Come on ... time to change!
It's safe to cross in NY. You just have to move fast.
NY, not all are fast enough ... Ahaha
@Satoshi: That looks like Penn Station. (Or, around the corner from it.)
You should see that place around rush hour...It's a zoo.
Yes, is from NY.
SHA1 was exploited, not cracked. There's a fkin difference.
SHA-1 being exploited would mean some system was broken because of SHA-1. AFAIK, outside of these theoretical weaknesses, it hasn't, yet.
Just don't use it anymore when you can also use SHA-2.
I think what the article talks about is excessive collisions in the hash algorithm of SHA-1, (IIRC. I read it around when Tito first posted it)
Excessive collisions would mean that two documents could possibly be assigned the same hash value.
I suppose in very specific instances, it could be used to exploit something.
Edit: This is a little scary.
Being able to find 2 inputs that give colliding outputs is still a whole different thing than finding a colliding input for another fixed input. Edit: http://crypto.stackexchange.com/questions/29695/what-is-a-freestart-collision
So while SHA-1 isn't trivially broken as to cause real problems, it's too weak to use for new implementations. And you probably shouldn't use it for signing mails with legal documents and such.
Edit: That link is about MD5 which nobody should use anymore. But it's basically the same thing happening.
We've long known that SHA-1 is broken.
http://www3.ntu.edu.sg/CorpComms2/D...ctical SHA-1 Collision Attack Months Away.pdf
Let the SHA1 mofo die... together with statcounter