心情: 一般
继MD5被中国山东大学的马小云教授破解后,人们开始改用SHA-1来作为替代算法,但是SHA-1也出事了:
|
SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results: collisions in the the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length. collisions in SHA-0 in 2**39 operations.
This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn't affect applications such as HMAC where collisions aren't important). The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team. More details when I have them. |
还是同一拨人,文章来自:
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
http://jroller.com/page/eu/20050216#sha1_is_not_secure
http://www.gadgetguy.de/index.php/2005/02/16/sha_1_has_been_broken
现在还能依赖什么算法???