SHA1 is broken now
https://shattered.io/
SHA1 is broken now
- netmaestro
- PureBasic Bullfrog
- Posts: 8433
- Joined: Wed Jul 06, 2005 5:42 am
- Location: Fort Nelson, BC, Canada
Re: SHA1 is broken now
Looks like shameless self-promotion to me. I'd like to see more mathematical proof and less advertising before I'm impressed.
BERESHEIT
-
- Always Here
- Posts: 6425
- Joined: Fri Oct 23, 2009 2:33 am
- Location: Wales, UK
- Contact:
Re: SHA1 is broken now
I don't know - I think most likely the claims are genuine, SHA-1 has effectively been obsolete for critical use since about 2006 if we are to believe the opinion given on Wikipedia, amongst others.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
If it sounds simple, you have not grasped the complexity.
Re: SHA1 is broken now
one of Google's teams was involved in it though so i wouldnt bet against it
https://arstechnica.com/security/2017/0 ... -now-dead/The research is the result of a more than two-year collaboration between researchers at the Centrum Wiskunde & Informatica in the Netherlands and Google's research security, privacy, and anti-abuse group. The first phase of the attack was run on a heterogeneous CPU cluster that was hosted by Google and spread over eight physical locations. A second and more expensive phase was run on a heterogeneous cluster of K20, K40, and K80 GPUs that were also hosted by Google. Had the researchers performed their attack on Amazon's Web Services platform, it would have cost $560,000 at normal pricing. Had the researchers been patient and waited to run their attack during off-peak hours, the same collision would have cost $110,000. That's within the $75,000 to $120,000 range CWI's Stevens projected in late 2015.
Re: SHA1 is broken now
All the meaning of such Google useless 'efforts' and articles.... You can use our file tester above to check your files. If you use Chrome, you will be automatically protected...
They are useless because of... who cares about such 'news'? It's anyway obvious that if you need serious security you should use the most complex and proven algorithms, not something questionable from 2000x. If you don't need, then you should use good old MD5 and SHA1 for performance and other nice things ^_^
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"