Return to “Everything & Anything”

Post

SHA-1 Officially Broken

#1
(Random, interesting tidbit)
The day has finally come. SHA-1 collision is feasible (well, with quite some resources, but still)!

https://shattered.io/

Now, not really much need to be alarmed, SHA-1 has been known to be 'not good enough' for a long time; those who are still using it are knowingly playing with fire. Everyone should be using at least SHA256 when security is required.

Which brings us to the real question...when will SHA256 fall? :geek: That will be a scary day indeed if it comes sooner than expected :ghost:
“Whether you think you can, or you think you can't--you're right.” ~ Henry Ford
Post

Re: SHA-1 Officially Broken

#2
All encryption will fall eventually, if it can go backwards through any method at all, then it can and (given time+resources) will be broken.

This is both cool, and fun news though. Lets me throw it in the face of a customer who still uses Sha1 :V

Code: Select all

<+BMRX> Silver Invokes Lewdly Verbose Experiences Readily With Absurd Rectal Expeditions
Image
Image
Post

Re: SHA-1 Officially Broken

#3
I suspect we will be discussing this on Monday where I work.

Just in case.

And certainly SHA256 will also fall at some point; Moore's Law will inevitably catch up to it. (As it will Bitcoin miners.) The question is whether something better will have been created in a standardized and reasonably simple to adopt format before then.

And then we'll have ANOTHER round of "OMG time to replace all our certs and test all our interfaces."

Assuming SMOD doesn't put us all out of our misery because we were too stupid to establish a self-sustaining off-world colony, is there any end conceivable to this game of secure-and-crack leapfrog?
Post

Re: SHA-1 Officially Broken

#5
Basmannen wrote:
Flatfingers wrote:Moore's Law
As I understand it the end of this is coming very soon, or is already here.
I remember that having been said before. ;)

What might be more accurate to say is that Moore's Law is changing from being a mostly continuous line to something that's more a series of flat lines punctuated by catastrophic bursts of improvement. You're certainly right that it's harder to predict when those will happen... but history suggests that they can be counted on to happen as long as innovation is rewarded.
Post

Re: SHA-1 Officially Broken

#8
Cornflakes_91 wrote:Moores law is coming to an end with silicon based conventional electronics, but there are many avenues that all could bring a renewal of it (or a new, equivalent law) based on the new techniques.
Moore's Law was coming to an end a decade and a half ago, it's well and truly dead now.
However that doesn't concern me too much. What concerns me is the lack of a fourth gen programming language, something high level enough to remove idiots from programming in shitty languages like Java.

It's those idiots who were making Moore's Law a requirement.

Code: Select all

<+BMRX> Silver Invokes Lewdly Verbose Experiences Readily With Absurd Rectal Expeditions
Image
Image
Post

Re: SHA-1 Officially Broken

#10
Cornflakes_91 wrote:
Silverware wrote: Moore's Law was coming to an end a decade and a half ago, it's well and truly dead now.
Spoiler:      SHOW
Image Image
yep, totally died fifteen years ago :D
Calc/Sec/Dollar sure, but Calc/Sec is a different graph altogether.
And its pure power I was talking about.

Code: Select all

<+BMRX> Silver Invokes Lewdly Verbose Experiences Readily With Absurd Rectal Expeditions
Image
Image
Post

Re: SHA-1 Officially Broken

#11
Silverware wrote:
Cornflakes_91 wrote:
Silverware wrote: Moore's Law was coming to an end a decade and a half ago, it's well and truly dead now.
Spoiler:      SHOW
Image Image
yep, totally died fifteen years ago :D
Calc/Sec/Dollar sure, but Calc/Sec is a different graph altogether.
And its pure power I was talking about.
Spoiler:      SHOW
Image Image
stupid forum software doesnt like svg graphics. fix'd it in the post.
Post

Re: SHA-1 Officially Broken

#14
A one time pad (when created and handled properly, and the key is not stolen) cannot be decrypted by any brute force.

But beeing a symmetric-key encryption, its not very practical. (you need to share the key safely by physical means at one point)
But if you just want to send once an important message, you can be sure, than the message cannot be decrypted when intercepted.

Online Now

Users browsing this forum: No registered users and 1 guest