Difference between revisions of "SHA-1"
From The ECRYPT Hash Function Website
(→General) |
(→Collision Attacks) |
||
| Line 23: | Line 23: | ||
pages = {58-71}, | pages = {58-71}, | ||
ee = {http:/springerlink.metapress.com/openurl.asp?genre=article{\&}issn=0302-9743{\&}volume=3376{\&}spage=58}, | ee = {http:/springerlink.metapress.com/openurl.asp?genre=article{\&}issn=0302-9743{\&}volume=3376{\&}spage=58}, | ||
| − | abstract = {We report on the experiments we performed in order to assess the security of SHA-1 against the attack by Chabaud and Joux [5]. We present some ideas for optimizations of the attack and some properties of the message expansion routine. Finally, we show that for a reduced version of SHA-1, with 53 rounds instead of 80, it is possible to find collisions in less than 2^80 operations.} } | + | abstract = {We report on the experiments we performed in order to assess the security of SHA-1 against the attack by Chabaud and Joux [5]. We present some ideas for optimizations of the attack and some properties of the message expansion routine. Finally, we show that for a reduced version of SHA-1, with 53 rounds instead of 80, it is possible to find collisions in less than 2^80 operations.}, |
| + | url = {http://dx.doi.org/10.1007/b105222}} | ||
</bibtex> | </bibtex> | ||
---- | ---- | ||
Revision as of 17:03, 10 March 2008
Contents
1 Specification
- digest size: 160 bits
- max. message length: < 264 bits
- compression function: 512-bit message block, 160-bit chaining variable
- Specification: FIPS 180-2 Secure Hash Standard
2 Cryptanalysis
2.1 Best Known Results
The best collision attack on full SHA-1 was published by Wang et al. It has complexity of 269 hash evaluations. The best collision example, a 70-step collision for SHA-1, was published by DeCanniere, Mendel and Rechberger.
2.2 Collision Attacks
Vincent Rijmen, Elisabeth Oswald - Update on SHA-1
- CT-RSA pp. 58-71,2005
- http://dx.doi.org/10.1007/b105222
BibtexAuthor : Vincent Rijmen, Elisabeth Oswald
Title : Update on SHA-1
In : CT-RSA -
Address :
Date : 2005
2.3 Preimage Attacks
- We are not aware of any articles w.r.t. preimage attacks on SHA-1.
2.4 Others
3 eHash Recommendation (optional) or eHash Opinion
Something like: SHA-1 is considered to be broken. Please do not incorporate SHA-1 in new application any longer. Try to migrate to another hash function.
