SHA-1 collision attacks are now actually practical and a looming danger

Discussion in 'Serious Discussion' started by Mr.X, May 13, 2019.

  1. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    6,432
    14,187
    210
    Research duo showcases first-ever SHA-1 chosen-prefix collision attack.

    https://www.zdnet.com/article/sha-1...-now-actually-practical-and-a-looming-danger/
    Research paper (PDF): https://eprint.iacr.org/2019/459.pdf

     
  2. Mr.X

    Mr.X MDL Guru

    BLAKE2 — fast secure hashing

    BLAKE2 comes in two flavors:
    • BLAKE2b (or just BLAKE2) is optimized for 64-bit platforms—including NEON-enabled ARMs—and produces digests of any size between 1 and 64 bytes
    • BLAKE2s is optimized for 8- to 32-bit platforms and produces digests of any size between 1 and 32 bytes

    Which one or both to adopt here in MDL as a default checksum?
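    Added example, not part of the original post and not MDL's or HashCheck's code: a one-pass checksum routine in Python's `hashlib` covering the algorithms named in this thread. The sample bytes and function names are constructed for illustration. In BLAKE2 the digest size is a hashing parameter, so a 32-byte BLAKE2b digest is not a truncated 64-byte one.

```python
import hashlib
import hmac
import io

# Constructed sample standing in for a downloaded ISO (not a real image).
SAMPLE = b"constructed ISO payload\n" * 4096

def make_hashers():
    """Fresh hash objects for the algorithms named in the thread."""
    return {
        "sha1": hashlib.sha1(),                          # legacy checksum
        "sha256": hashlib.sha256(),
        "blake2b-512": hashlib.blake2b(digest_size=64),  # BLAKE2b: 1..64 bytes
        "blake2b-256": hashlib.blake2b(digest_size=32),
        "blake2s-256": hashlib.blake2s(digest_size=32),  # BLAKE2s: 1..32 bytes
    }

def checksum_stream(stream, chunk_size=1 << 20):
    """Read the stream once; return {name: hex digest} for every algorithm."""
    hashers = make_hashers()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def verify(stream, algorithm, published_hex):
    """Check a stream against a published checksum for one algorithm."""
    actual = checksum_stream(stream)[algorithm]
    expected = published_hex.strip().lower()
    return hmac.compare_digest(actual, expected)

if __name__ == "__main__":
    for name, digest in checksum_stream(io.BytesIO(SAMPLE)).items():
        print(f"{name:12} {digest}")
```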
     
  3. LostED

    LostED SVF Patch Lover

    Jul 30, 2009
    5,531
    13,973
    180
    Till HashCheck gets BLAKE2 I stay on SHA2/SHA3
     
  4. Carlos Detweiller

    Carlos Detweiller MDL Spinning Tortoise

    Dec 21, 2012
    3,219
    2,831
    120
    I'm using SHA512 with HashCheck. Hashtab has BLAKE2sp.
     
  5. Mr.X

    Mr.X MDL Guru

  6. LostED

    LostED SVF Patch Lover

    @Mr.X

    Yes
    I just like the output checksum format
     
  7. RJARRRPCGP

    RJARRRPCGP MDL Senior Member

    Feb 24, 2010
    285
    34
    10
    What about ISO files in general now? It looks like some people are still using MD5!
     
  8. Mr.X

    Mr.X MDL Guru

    Really?
    If you're talking about M$ ISOs (Windows and Office for example) in general, they have been using SHA-1 for as long as I can recall.
     
  9. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    258
    360
    10
    HashCheck provides more functions than Hashtab,
    e.g. Hash file creation and verification in batch, and multi file/folder support in properties tab.
    AFAIK Hashtab doesn't provide this functionality.
     
  10. Mr.X

    Mr.X MDL Guru

    Yes, I saw. The other day I tried it and played with it a bit.
    Although it needs an update to include BLAKE2 as @LostED already noted.
     
  11. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    11,753
    11,912
    340
    #11 Yen, May 27, 2019
    Last edited: May 27, 2019
    IMHO the posted source does not justify its headline. A Chinese team (Xiaoyun Wang et al.) already named a complexity of 'only' 2^69 operations (Year 2005).

    By releasing SHAttered the idea of a valid SHA-1 hash or signature has gone already. I mean it has lost its quality (one message=one hash) and to say goodbye to it sooner or later is reasonable, but only because of that already.

    The danger is that SHA-1 has been broken in the year 2005!!! (2 different messages can have the same hash).
    There is no 'looming danger'...

    The headline "SHA-1 collision attacks are now actually practical...." is nothing special and nothing to be impressed by. It's a personal evaluation and dependent on the interest of the target.

    And also to think that this article justifies action NOW about hashing ISOs and to move away from SHA1 now is therefore absurd.

    They still speak about (an optimistic) complexity of 2^67.2.

    I wonder what people have in mind when thinking about leaving SHA-1 for file integrity / ISO hashing, and whether they really are aware of the proportions?!?

    (This bit there saying it's realizable...and....)
    ..should make the proportions really clear (just in case one cannot imagine 2^67 and the needed CPU power and time to fake a particular file / archive ......!!!)

    Who would invest $100,000 to fake a MS ISO and would still have enough time to compute?!


    Just my 2 cents.....:)
     
  12. RJARRRPCGP

    RJARRRPCGP MDL Senior Member

    I saw that someone is still using MD5 for a distro when at distrowatch.com
    But even SHA-1 is now a problem, like MD5 is, shucks.

    At least in digital signatures, it appears that Microsoft is using SHA256, at least for .NET Framework 4.7.2.
     