Difference between revisions of "SHA-1"
From The ECRYPT Hash Function Website
Crechberger (talk | contribs) |
Crechberger (talk | contribs) |
||
| Line 10: | Line 10: | ||
=== Best Known Results === | === Best Known Results === | ||
| − | The best collision attack on full SHA-1 was published by Wang et al. It has complexity of 2<sup>69</sup> hash evaluations. The best collision example, a 70-step collision for SHA-1, was | + | The best collision attack on full SHA-1 was published by Wang et al. It has complexity of 2<sup>69</sup> hash evaluations. The best collision example, a 70-step collision for SHA-1, was published by DeCanniere, Mendel and Rechberger. |
---- | ---- | ||
Revision as of 18:30, 6 March 2008
Contents
1 General
- digest size: 160 bits
- max. message length: < 264 bits
- compression function: 512-bit message block, 160-bit chaining variable
- Specification: FIPS 180-2 Secure Hash Standard
2 Cryptanalysis
2.1 Best Known Results
The best collision attack on full SHA-1 was published by Wang et al. It has complexity of 269 hash evaluations. The best collision example, a 70-step collision for SHA-1, was published by DeCanniere, Mendel and Rechberger.
2.2 Collision Attacks
2.3 Preimage Attacks
- We are not aware of any articles w.r.t. preimage attacks on SHA-1.
2.4 Others
3 eHash Recommendation (optional) or eHash Opinion
Something like: SHA-1 is considered to be broken. Please do not incorporate SHA-1 in new application any longer. Try to migrate to another hash function.
