• unhash: a program for finding collisions in SHA-1 and MD5
  • ACM Technews on the breaking of SHA-1. I don't believe that SHA-1 is an "encryption" algorithm though - I think it's more of a "cryptographic hash" or "digest" algorithm, which you can think of as a checksum on steroids.
  • I'd like to point out that although fallback-reboot is (largely "was") coded to use SHA-1 for a Challenge-Response authentication system, it's written using the OpenSSL EVP digest functions, so it should be extremely easy to change fallback-reboot to use a different hash algorithm when the time comes.
  • Slashdot article on the breaking of SHA-1
  • SHA-1 broken:
  • Apparently there are more effective versions of SHA in the OpenSSL 0.9.8 development tree, including SHA-256, SHA-384 and SHA-512.
  • Fedora Core 3 appears to include M2Crypto, which includes many Python wrappers for OpenSSL/libcrypto functions, including an EVP interface. However, Red Hat Enterprise Linux 3 does not appear to. I'm not 100% sure yet, but preliminarily speaking, it looks like Red Hat Enterprise Linux 4 won't include M2Crypto. :(
  • The Hash Function Lounge appears to have some pretty good information about hash functions, their designers, and their attacks.
  • This page gives some sort of confirmation about what I was suspecting: that ripemd160 might be a suitable alternative to SHA-1. Also, ripemd160 appears to have been in OpenSSL from 0.9.6g and quite possibly earlier.
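
An added example, not fallback-reboot's own code: a challenge-response check in which the digest is picked by name, the way the EVP interface mentioned above allows, so retiring SHA-1 is a one-line policy change. The function names, the allow-list and the use of HMAC instead of a bare digest are assumptions; the page does not show fallback-reboot's actual message format.

```python
import hashlib
import hmac
import secrets

# Assumed policy, not from the page: digests the server still accepts.
ALLOWED_DIGESTS = ("sha256", "sha512")


def new_challenge(nbytes=32):
    """Server side: a fresh random nonce for every authentication attempt."""
    return secrets.token_bytes(nbytes)


def compute_response(secret, challenge, digest_name):
    """Client side: keyed digest of the challenge.

    The digest is looked up by name (hashlib does this through OpenSSL,
    much like EVP_get_digestbyname() in C), so the algorithm is
    configuration rather than code.
    """
    if digest_name not in hashlib.algorithms_available:
        raise ValueError("digest not provided by this build: " + digest_name)
    return hmac.new(secret, challenge, digest_name).digest()


def verify_response(secret, challenge, digest_name, response):
    """Server side: refuse retired digests, then compare in constant time."""
    if digest_name not in ALLOWED_DIGESTS:
        return False  # e.g. sha1: a valid response is still rejected
    expected = compute_response(secret, challenge, digest_name)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    challenge = new_challenge()
    for name in ("sha1", "sha256", "sha512"):
        resp = compute_response(secret, challenge, name)
        ok = verify_response(secret, challenge, name, resp)
        print(name, len(resp) * 8, "bits:", "accepted" if ok else "rejected")
```

The server should dictate the digest name and enforce the allow-list itself; if the client could choose, it could fall back to the retired algorithm.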

