Difference between revisions of "SHA-1"
(→Best Known Results) |
(→Cryptanalysis) |
||
Line 72: | Line 72: | ||
=== Preimage Attacks === | === Preimage Attacks === | ||
* We are not aware of any article regarding preimage attacks on SHA-1. | * We are not aware of any article regarding preimage attacks on SHA-1. | ||
+ | ---- | ||
+ | |||
+ | === Others === | ||
+ | everything that does not fit into coll/(2nd)preimage and implementation | ||
---- | ---- | ||
Revision as of 13:21, 23 October 2006
Contents
1 General
- digest size: 160 bits
- max. message length: < 264 bits
- type: iterative hash function
- compression function: 512-bit message block, 160-bit chaining variable
- Specification: FIPS 180-2 Secure Hash Standard
2 Cryptanalysis
2.1 Best Known Results
The best collision attack on full SHA-1 was published by Wang etal. It has complexity of 269 hash evaluations. The best collision example, a 64-step collision for SHA-1, was publshed by DeCanniere and Rechberger.
2.2 Collision Attacks
Mitsuhiro HATTORI, Shoichi HIROSE, Susumu YOSHIDA - Complexity of the Collision and Near-Collision Attack on SHA-0 with Different Message Schedules
- ,2004
- http://eprint.iacr.org/
BibtexAuthor : Mitsuhiro HATTORI, Shoichi HIROSE, Susumu YOSHIDA
Title : Complexity of the Collision and Near-Collision Attack on SHA-0 with Different Message Schedules
In : -
Address :
Date : 2004
Daewan Han, Sangwoo Park, Seongtaek Chee - Cryptanalysis of the Modified Version of the Hash Function Proposed at PKC'98.
- Fast Software Encryption 2002 2365:252-262,2002
- BibtexAuthor : Daewan Han, Sangwoo Park, Seongtaek Chee
Title : Cryptanalysis of the Modified Version of the Hash Function Proposed at PKC'98.
In : Fast Software Encryption 2002 -
Address :
Date : 2002
Hans Dobbertin - {Cryptanalysis Of MD4}
- Journal of Cryptology 11(4):253--271,1998
- BibtexAuthor : Hans Dobbertin
Title : {Cryptanalysis Of MD4}
In : Journal of Cryptology -
Address :
Date : 1998
Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone - Handbook of Applied Cryptography
Here I would list all papers that deal with SHA-1. We should also give the abstract and the bibtex entry for the corresponding paper. Additionall we should give our opinion about the attack described in the paper.
2.3 Second Preimage Attacks
- There exists a generic attack (works for all iterated hash functions). See ....
2.4 Preimage Attacks
- We are not aware of any article regarding preimage attacks on SHA-1.
2.5 Others
everything that does not fit into coll/(2nd)preimage and implementation
3 Performance Evaluation / Implementation (HW and SW)
Yong Ki Lee, Herwin Chan, Ingrid Verbauwhede - Throughput Optimized SHA-1 Architecture Using Unfolding Transformation.
- ASAP 2006 pp. 354-359,2006
- http://doi.ieeecomputersociety.org/10.1109/ASAP.2006.68
BibtexAuthor : Yong Ki Lee, Herwin Chan, Ingrid Verbauwhede
Title : Throughput Optimized SHA-1 Architecture Using Unfolding Transformation.
In : ASAP 2006 -
Address :
Date : 2006
4 eHash Recommendation (optional) or eHash Opinion
Something like: SHA-1 is considered to be broken. Please do not incorporate SHA-1 in new application any longer. Try to migrate to another hash function.