SHA1 Cracked :P

Posted: Fri Mar 04, 2005 7:21 pm
by Num3
SHA1 has been cracked by Chinese investigators...

You can read the whitepaper here: http://theory.csail.mit.edu/~yiqun/shanote.pdf

Posted: Fri Mar 04, 2005 10:14 pm
by Psychophanta
mmm, the best mathematicians were the classical Greeks, whose culture was an inheritance from Asia before ancient Greece.
And it looks like history will finally return to Asia. :o

Re: SHA1 Cracked :P

Posted: Sat Mar 05, 2005 12:20 am
by PB
What is SHA1 mainly used for? I know MD5 is used for verification, and RC4
is for encryption/decryption of sensitive data, but what about SHA1? Thanks.

Posted: Sat Mar 05, 2005 12:31 am
by Rescator
Same as md5, only 160 bits instead of the 128 bits md5 has.
And it's also a different algorithm, obviously.

Posted: Sat Mar 05, 2005 9:35 am
by freedimension
And it was "invented" by the US secret service, the NSA, so no wonder there are backdoors built in :D

Posted: Sat Mar 05, 2005 10:59 pm
by plouf
If I understand correctly, these guys found a way to find a key with the same fingerprint as your key in less than... 2^39 tries!!

BTW, isn't this supposed to happen sooner or later? Since SHA has a predefined fingerprint width and can take unlimited keys?

Posted: Sat Mar 05, 2005 11:19 pm
by Gansta93
Sha1 is used for encryption of certificates, for example thauth certificates for mail.
Am I right?

Posted: Sun Mar 06, 2005 4:46 am
by Rescator
No! sha1, md5 and similar are hash algorithms.

They act as data fingerprints.
The routines are made in such a way as to make it virtually
impossible for e.g. two almost identical files, or two very "similar" passwords,
to end up with the same hash.

It is one way only.

It is very popular, esp. md5.
This forum for example uses md5 to store the passwords.

So when you log into this forum the php code uses the php function md5()
on your password, then compares that hash with the hash already stored in the forum database.

md5 and sha1 etc. aren't really "encryption", they are just fingerprint/hash routines, and are one way.

So there is no way to reverse engineer a hash.
Although you could try hashing every word in the dictionary and thus compare hashes and that way "crack" a hashed password.
There are a few sites on the net where you can enter an md5 hash,
and if that hash is of e.g. a word or password that is found in a common dictionary you will be able to find out if it's a match or not.

When the news articles say that sha1 is "cracked" it isn't entirely true;
what they did was find collisions earlier than expected.

A collision in the case of md5 and sha1 simply means that
two files or two different pieces of data ended up with the exact same hash.

This is no serious problem for normal use,
e.g. for making an md5 or sha1 hash of a file
and using that as a file fingerprint to ensure a file hasn't been damaged
during transport or storage (same as CRC32 etc.).
A collision COULD be bad, but remember that files also have filenames,
and different file sizes and dates and more.
And since collisions are so rare it's not an everyday "issue".

(Usually files use CRC32, but that is only 32 bits; md5 is 128 bits and thus less likely to have collisions, and sha1 is 160 bits.)

The security issue with this is when md5 and sha1 are used to hash certificates etc. to ensure they are undamaged/unmodified.
The more "collisions" that are easily found,
the larger the chance that a black hat hacker or a cracker can
create a fake certificate whose hash matches the original certificate's hash.

So md5 and sha1 are still secure "enough", just not as secure as one thought at first.
sha1 was supposed to be unbreakable and was made as a possible replacement for md5 (since it has 160 bits vs md5's 128 bits).

No hash will EVER be perfect. Why? There is no way one could make a fingerprint of every possible file unique.

To do that you would literally have to have a hash as big as the file/data itself. *laughs*
Which would defeat the purpose of hash routines like crc32, md5, and sha1:
that they are a small and easy/quick way to check the integrity of a file or data.
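An added example (Python, not code from the thread) of the properties described above: a one-byte change gives an unrelated fingerprint, an integrity check recomputes and compares the digest, and unsalted md5 password storage (as described for this forum) can be matched against a dictionary of hashes, which a per-user random salt prevents. The sample "files" and wordlist are constructed here.

```python
import hashlib
import hmac
import os

# Constructed sample data: two nearly identical "files" differing in one byte.
FILE_A = b"The quick brown fox jumps over the lazy dog"
FILE_B = b"The quick brown fox jumps over the lazy cog"

# Constructed wordlist standing in for "every word in the dictionary".
COMMON_WORDS = ["letmein", "password", "qwerty", "123456"]


def fingerprint(data: bytes, algo: str = "sha1") -> str:
    """Hex digest of the data: the 'fingerprint' the thread talks about."""
    return hashlib.new(algo, data).hexdigest()


def integrity_ok(data: bytes, expected_hex: str, algo: str = "sha1") -> bool:
    """File-integrity use: recompute the digest and compare in constant time."""
    return hmac.compare_digest(fingerprint(data, algo), expected_hex)


def store_unsalted(password: str) -> str:
    """Storage as described for the forum: plain md5(password), no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def dictionary_lookup(stored_hex: str, wordlist):
    """Defender's audit: does a stored unsalted hash equal the md5 of any common word?
    The same precomputed table works against every account, which is the weakness."""
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    return table.get(stored_hex)


def store_salted(password: str, salt: bytes = b""):
    """Salted, iterated storage (PBKDF2 from the standard library).
    A random per-user salt means identical passwords yield different digests,
    so a precomputed dictionary table is useless against the whole database."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)
```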

Posted: Tue Mar 15, 2005 10:38 am
by Leo
The use of MD5 or SHA1 for integrity checks is no problem. But as Rescator wrote, for (X.509) certificates there will be. Depending on the needed security level (e.g. for financial transactions) MD5 should not be used and SHA1 is not recommended for future use. The end of the SHA1 life cycle is in the near future.

For the experts, read this article http://www.win.tue.nl/~bdeweger/Collidi ... -final.pdf about constructing colliding certificates.

Posted: Tue Mar 15, 2005 1:30 pm
by Kale

Posted: Tue Mar 15, 2005 2:45 pm
by dagcrack
Rescator wrote: Although you could try hashing every word in the dictionary and thus compare hashes and that way "crack" a hashed password.
AKA brute forcing.
It's the only method I know for MD5 at least.
There are a couple of brute-forcing tools for md5 out there (since some years ago, but at the time when I tried to brute-force an md5 hash, it was taking 30 hours already and no luck, because of the slow processors in those days; now it would take less, or about that, to brute-force an md5 hash).

Hey, sometimes it's needed as an admin, you know what I mean.

Posted: Tue Mar 15, 2005 5:13 pm
by Kale
dagcrack wrote: Hey, sometimes it's needed as an admin, you know what I mean.
MD5 Online Cracking

Posted: Tue Mar 15, 2005 5:30 pm
by thefool
@kale: that's the brute force

Posted: Tue Mar 15, 2005 8:42 pm
by Kale
thefool wrote: @kale: that's the brute force
Aye! :wink: