Difference between revisions of "SHA-1"

From The ECRYPT Hash Function Website
(Others)
(Collision Attacks)
Line 29: Line 29:
 
   isbn      = {3-540-49475-8},
 
   isbn      = {3-540-49475-8},
 
   abstract  = {The most efficient collision attacks on members of the SHA family presented so far all use complex characteristics which were manually constructed by Wang et al. In this report, we describe a method to search for characteristics in an automatic way. This is particularly useful for multi-block attacks, and as a proof of concept, we give a two-block collision for 64-step SHA-1 based on a new characteristic. The highest number of steps for which a SHA-1 collision was published so far was 58. We also give a unified view on the expected work factor of a collision search and the needed degrees of freedom for the search, which facilitates optimization.},
 
   abstract  = {The most efficient collision attacks on members of the SHA family presented so far all use complex characteristics which were manually constructed by Wang et al. In this report, we describe a method to search for characteristics in an automatic way. This is particularly useful for multi-block attacks, and as a proof of concept, we give a two-block collision for 64-step SHA-1 based on a new characteristic. The highest number of steps for which a SHA-1 collision was published so far was 58. We also give a unified view on the expected work factor of a collision search and the needed degrees of freedom for the search, which facilitates optimization.},
 +
}
 +
</bibtex>
 +
 +
<bibtex>
 +
@inproceedings{sacryptPramstallerRR05a,
 +
  author    = {Norbert Pramstaller and Christian Rechberger and Vincent Rijmen},
 +
  title    = {Impact of Rotations in SHA-1 and Related Hash Functions},
 +
  booktitle = {Selected Areas in Cryptography},
 +
  year      = {2005},
 +
  pages    = {261-275},
 +
  url        = {http://dx.doi.org/10.1007/11693383_18},
 +
  editor    = {Bart Preneel and Stafford E. Tavares},
 +
  publisher = {Springer},
 +
  series    = {LNCS},
 +
  volume    = {3897},
 +
  isbn      = {3-540-33108-5},
 +
  abstract  = {SHA-1 uses a single set of rotation constants within the compression function. However, most other members of the MD4 family of hash functions use multiple sets of rotation constants, i.e. the rotation amounts change with the step being processed. To our knowledge, no design rationales on the choice of rotation constants are given on any of these hash functions. This is the first paper that analyzes rotations in iterated hash functions. We focus on SHA-1-like hash functions and use recent developments in the analysis of these hash functions to evaluate the security implications of using multiple sets of rotation constants in the compression function instead of a single set. Additionally, we give some observations on the set of constants used in SHA-0 and SHA-1.},
 
}
 
}
 
</bibtex>
 
</bibtex>
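Review bot: In the added sacryptPramstallerRR05a entry, `pages = {261-275}` uses a single hyphen; the usual BibTeX convention for a page range is a double hyphen (`261--275`), which typesets as an en dash. The `url` field points at the DOI resolver over plain http, so consider also recording the identifier in a `doi` field (10.1007/11693383_18) so that styles which support it can render it directly. The `title`, `pages` and `url` lines are indented one or two spaces differently from the other fields in the entry; this is cosmetic, but aligning them keeps the wiki source consistent.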

Revision as of 07:33, 11 March 2008

1 Specification

2 Cryptanalysis

2.1 Best Known Results

The best collision attack on full SHA-1 was published by Wang et al. It has a complexity of 2^69 hash evaluations. The best collision example, a 70-step collision for SHA-1, was published by De Cannière, Mendel and Rechberger.


2.2 Collision Attacks

Christophe De Cannière, Christian Rechberger - Finding SHA-1 Characteristics: General Results and Applications

ASIACRYPT 4284:1-20,2006
http://dx.doi.org/10.1007/11935230_1

Norbert Pramstaller, Christian Rechberger, Vincent Rijmen - Impact of Rotations in SHA-1 and Related Hash Functions

Selected Areas in Cryptography 3897:261-275,2005
http://dx.doi.org/10.1007/11693383_18

Vincent Rijmen, Elisabeth Oswald - Update on SHA-1

CT-RSA pp. 58-71,2005
http://dx.doi.org/10.1007/b105222

2.3 Preimage Attacks

  • We are not aware of any articles w.r.t. preimage attacks on SHA-1.

2.4 Others

Akashi Satoh - Hardware Architecture and Cost Estimates for Breaking SHA-1

ISC 3650:259-273,2005
http://dx.doi.org/10.1007/11556992_19

3 eHash Recommendation (optional) or eHash Opinion

Something like: SHA-1 is considered to be broken. Please do not incorporate SHA-1 in new applications any longer. Try to migrate to another hash function.