SHA-1 Officially Broken

Just what it sounds like.

SHA-1 Officially Broken

Postby JoshParnell » Fri Feb 24, 2017 1:21 pm

(Random, interesting tidbit)
The day has finally come. SHA-1 collision is feasible (well, with quite some resources, but still)!

https://shattered.io/

Now, not really much need to be alarmed, SHA-1 has been known to be 'not good enough' for a long time; those who are still using it are knowingly playing with fire. Everyone should be using at least SHA256 when security is required.

Which brings us to the real question...when will SHA256 fall? :geek: That will be a scary day indeed if it comes sooner than expected :ghost:
“Whether you think you can, or you think you can't--you're right.” ~ Henry Ford
User avatar
JoshParnell
Developer
 
Posts: 4237
Joined: Sun Oct 07, 2012 3:06 pm
Location: Baton Rouge, LA

Re: SHA-1 Officially Broken

Postby Silverware » Fri Feb 24, 2017 2:25 pm

All encryption will fall eventually, if it can go backwards through any method at all, then it can and (given time+resources) will be broken.

This is both cool, and fun news though. Lets me throw it in the face of a customer who still uses Sha1 :V
ᕕ(ಠ‸ಠ)⊃━☆゚.*・。゚
Image
User avatar
Silverware
Vice Admiral
 
Posts: 2800
Joined: Sun Sep 07, 2014 3:23 pm
Location: Goattown-Three, Sigma Six, Goat Space

Re: SHA-1 Officially Broken

Postby Flatfingers » Fri Feb 24, 2017 5:04 pm

I suspect we will be discussing this on Monday where I work.

Just in case.

And certainly SHA256 will also fall at some point; Moore's Law will inevitably catch up to it. (As it will Bitcoin miners.) The question is whether something better will have been created in a standardized and reasonably simple to adopt format before then.

And then we'll have ANOTHER round of "OMG time to replace all our certs and test all our interfaces."

Assuming SMOD doesn't put us all out of our misery because we were too stupid to establish a self-sustaining off-world colony, is there any end conceivable to this game of secure-and-crack leapfrog?
User avatar
Flatfingers
Vice Admiral
 
Posts: 4483
Joined: Sat Nov 24, 2012 12:45 am

Re: SHA-1 Officially Broken

Postby Basmannen » Fri Feb 24, 2017 5:38 pm

Flatfingers wrote:Moore's Law


As I understand it the end of this is coming very soon, or is already here.
A good plan, violently executed now, is better than a perfect plan next week.

In magenta we trust
User avatar
Basmannen
Commander
 
Posts: 289
Joined: Tue Mar 04, 2014 5:47 pm
Location: Sweden

Re: SHA-1 Officially Broken

Postby Flatfingers » Fri Feb 24, 2017 5:42 pm

Basmannen wrote:
Flatfingers wrote:Moore's Law


As I understand it the end of this is coming very soon, or is already here.

I remember that having been said before. ;)

What might be more accurate to say is that Moore's Law is changing from being a mostly continuous line to something that's more a series of flat lines punctuated by catastrophic bursts of improvement. You're certainly right that it's harder to predict when those will happen... but history suggests that they can be counted on to happen as long as innovation is rewarded.
User avatar
Flatfingers
Vice Admiral
 
Posts: 4483
Joined: Sat Nov 24, 2012 12:45 am

Re: SHA-1 Officially Broken

Postby Cornflakes_91 » Sat Feb 25, 2017 6:57 am

Moores law is coming to an end with silicon based conventional electronics, but there are many avenues that all could bring a renewal of it (or a new, equivalent law) based on the new techniques.
User avatar
Cornflakes_91
Admiral
 
Posts: 9043
Joined: Wed Mar 06, 2013 1:53 am
Location: Austria

Re: SHA-1 Officially Broken

Postby DWMagus » Sat Feb 25, 2017 9:55 am

Spent all my Friday dealing with this at work. :|

Not because of us specifically, but because of 'certain' vendors.
Image
Early Spring - 1055: Well, I made it to Boatmurdered, and my initial impressions can be set forth in three words: What. The. F*ck.
User avatar
DWMagus
Moderator
 
Posts: 5070
Joined: Wed Dec 05, 2012 3:25 pm
Location: Denver, CO, United States

Re: SHA-1 Officially Broken

Postby Silverware » Sat Feb 25, 2017 2:35 pm

Cornflakes_91 wrote:Moores law is coming to an end with silicon based conventional electronics, but there are many avenues that all could bring a renewal of it (or a new, equivalent law) based on the new techniques.


Moore's Law was coming to an end a decade and a half ago, it's well and truly dead now.
However that doesn't concern me too much. What concerns me is the lack of a fourth gen programming language, something high level enough to remove idiots from programming in shitty languages like Java.

It's those idiots who were making Moore's Law a requirement.
ᕕ(ಠ‸ಠ)⊃━☆゚.*・。゚
Image
User avatar
Silverware
Vice Admiral
 
Posts: 2800
Joined: Sun Sep 07, 2014 3:23 pm
Location: Goattown-Three, Sigma Six, Goat Space

Re: SHA-1 Officially Broken

Postby Cornflakes_91 » Sat Feb 25, 2017 2:46 pm

Silverware wrote:Moore's Law was coming to an end a decade and a half ago, it's well and truly dead now.


Spoiler:      SHOW
Image

Image


yep, totally died fifteen years ago :D
Last edited by Cornflakes_91 on Sat Feb 25, 2017 2:58 pm, edited 1 time in total.
User avatar
Cornflakes_91
Admiral
 
Posts: 9043
Joined: Wed Mar 06, 2013 1:53 am
Location: Austria

Re: SHA-1 Officially Broken

Postby Silverware » Sat Feb 25, 2017 2:53 pm

Cornflakes_91 wrote:
Silverware wrote:Moore's Law was coming to an end a decade and a half ago, it's well and truly dead now.


Spoiler:      SHOW
Image

Image


yep, totally died fifteen years ago :D


Calc/Sec/Dollar sure, but Calc/Sec is a different graph altogether.
And its pure power I was talking about.
ᕕ(ಠ‸ಠ)⊃━☆゚.*・。゚
Image
User avatar
Silverware
Vice Admiral
 
Posts: 2800
Joined: Sun Sep 07, 2014 3:23 pm
Location: Goattown-Three, Sigma Six, Goat Space

Re: SHA-1 Officially Broken

Postby Cornflakes_91 » Sat Feb 25, 2017 2:58 pm

Silverware wrote:
Cornflakes_91 wrote:
Silverware wrote:Moore's Law was coming to an end a decade and a half ago, it's well and truly dead now.


Spoiler:      SHOW
Image

Image


yep, totally died fifteen years ago :D


Calc/Sec/Dollar sure, but Calc/Sec is a different graph altogether.
And its pure power I was talking about.


Spoiler:      SHOW
Image

Image


stupid forum software doesnt like svg graphics. fix'd it in the post.
User avatar
Cornflakes_91
Admiral
 
Posts: 9043
Joined: Wed Mar 06, 2013 1:53 am
Location: Austria

Re: SHA-1 Officially Broken

Postby Damocles » Sun Feb 26, 2017 2:18 am

At the end of the days, the only 100% secure encryption is a properly applied One-Time-Pad.
User avatar
Damocles
Lieutenant Commander
 
Posts: 116
Joined: Thu Jan 12, 2017 4:09 pm

Re: SHA-1 Officially Broken

Postby Cornflakes_91 » Sun Feb 26, 2017 5:35 am

Damocles wrote:At the end of the days, the only 100% secure encryption is a properly applied One-Time-Pad.


No encryption a legitimate user can decrypt is 100% secure.
It just takes longer to bruteforce the key.
User avatar
Cornflakes_91
Admiral
 
Posts: 9043
Joined: Wed Mar 06, 2013 1:53 am
Location: Austria

Re: SHA-1 Officially Broken

Postby Damocles » Sun Feb 26, 2017 6:04 am

A one time pad (when created and handled properly, and the key is not stolen) cannot be decrypted by any brute force.

But beeing a symmetric-key encryption, its not very practical. (you need to share the key safely by physical means at one point)
But if you just want to send once an important message, you can be sure, than the message cannot be decrypted when intercepted.
User avatar
Damocles
Lieutenant Commander
 
Posts: 116
Joined: Thu Jan 12, 2017 4:09 pm

Re: SHA-1 Officially Broken

Postby Cornflakes_91 » Sun Feb 26, 2017 6:12 am

Damocles wrote:A one time pad (when created and handled properly, and the key is not stolen) cannot be decrypted by any brute force.


The legitimate user has to have a key, with enough time you can try out all the possible keys and encounter the proper one along the way.

You may not be able to tell which key was the correct one, though.
User avatar
Cornflakes_91
Admiral
 
Posts: 9043
Joined: Wed Mar 06, 2013 1:53 am
Location: Austria

Next

Return to Everything & Anything



Who is online

Users browsing this forum: Detritus, Grumblesaur and 2 guests