Difference between revisions of "SHA-1"
Npramstaller (talk | contribs) (→Collision Attacks) |
Npramstaller (talk | contribs) (→Collision Attacks) |
||
| Line 14: | Line 14: | ||
=== Collision Attacks === | === Collision Attacks === | ||
| + | |||
| + | <bibtex> | ||
| + | @inproceedings{sacryptCanniereMR07, | ||
| + | author = {Christophe De Canni{\`e}re and Florian Mendel and Christian Rechberger}, | ||
| + | title = {Collisions for 70-Step SHA-1: On the Full Cost of Collision Search}, | ||
| + | booktitle = {Selected Areas in Cryptography}, | ||
| + | year = {2007}, | ||
| + | pages = {56-73}, | ||
| + | url = {http://dx.doi.org/10.1007/978-3-540-77360-3_4}, | ||
| + | editor = {Carlisle M. Adams and Ali Miri and Michael J. Wiener}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {4876}, | ||
| + | isbn = {978-3-540-77359-7}, | ||
| + | abstract = {The diversity of methods for fast collision search in SHA-1 and similar hash functions makes a comparison of them difficult. The literature is at times very vague on this issue, which makes comparison even harder. In situations where differences in estimates of attack complexity of a small factor might influence short-term recommendations of standardization bodies, uncertainties and ambiguities in the literature amounting to a similar order of magnitude are unhelpful. We survey different techniques and propose a simple but effective method to facilitate comparison. In a case study, we consider a newly developed attack on 70-step SHA-1, and give complexity estimates and performance measurements of this new and improved collision search method.}, | ||
| + | } | ||
| + | </bibtex> | ||
<bibtex> | <bibtex> | ||
Revision as of 07:36, 11 March 2008
Contents
1 Specification
- digest size: 160 bits
- max. message length: < 264 bits
- compression function: 512-bit message block, 160-bit chaining variable
- Specification: FIPS 180-2 Secure Hash Standard
2 Cryptanalysis
2.1 Best Known Results
The best collision attack on full SHA-1 was published by Wang et al. It has complexity of 269 hash evaluations. The best collision example, a 70-step collision for SHA-1, was published by DeCanniere, Mendel and Rechberger.
2.2 Collision Attacks
Christophe De Canni\`ere, Florian Mendel, Christian Rechberger - Collisions for 70-Step SHA-1: On the Full Cost of Collision Search
- Selected Areas in Cryptography 4876:56-73,2007
- http://dx.doi.org/10.1007/978-3-540-77360-3_4
BibtexAuthor : Christophe De Canni\`ere, Florian Mendel, Christian Rechberger
Title : Collisions for 70-Step SHA-1: On the Full Cost of Collision Search
In : Selected Areas in Cryptography -
Address :
Date : 2007
Christophe De Canni\`ere, Christian Rechberger - Finding SHA-1 Characteristics: General Results and Applications
- ASIACRYPT 4284:1-20,2006
- http://dx.doi.org/10.1007/11935230_1
BibtexAuthor : Christophe De Canni\`ere, Christian Rechberger
Title : Finding SHA-1 Characteristics: General Results and Applications
In : ASIACRYPT -
Address :
Date : 2006
Charanjit S. Jutla, Anindya C. Patthak - Provably Good Codes for Hash Function Design
- Selected Areas in Cryptography 4356:376-393,2006
- http://dx.doi.org/10.1007/978-3-540-74462-7_26
BibtexAuthor : Charanjit S. Jutla, Anindya C. Patthak
Title : Provably Good Codes for Hash Function Design
In : Selected Areas in Cryptography -
Address :
Date : 2006
Norbert Pramstaller, Christian Rechberger, Vincent Rijmen - Impact of Rotations in SHA-1 and Related Hash Functions
- Selected Areas in Cryptography 3897:261-275,2005
- http://dx.doi.org/10.1007/11693383_18
BibtexAuthor : Norbert Pramstaller, Christian Rechberger, Vincent Rijmen
Title : Impact of Rotations in SHA-1 and Related Hash Functions
In : Selected Areas in Cryptography -
Address :
Date : 2005
Vincent Rijmen, Elisabeth Oswald - Update on SHA-1
- CT-RSA pp. 58-71,2005
- http://dx.doi.org/10.1007/b105222
BibtexAuthor : Vincent Rijmen, Elisabeth Oswald
Title : Update on SHA-1
In : CT-RSA -
Address :
Date : 2005
2.3 Preimage Attacks
- We are not aware of any articles w.r.t. preimage attacks on SHA-1.
2.4 Others
Akashi Satoh - Hardware Architecture and Cost Estimates for Breaking SHA-1
- ISC 3650:259-273,2005
- http://dx.doi.org/10.1007/11556992_19
BibtexAuthor : Akashi Satoh
Title : Hardware Architecture and Cost Estimates for Breaking SHA-1
In : ISC -
Address :
Date : 2005
3 eHash Recommendation (optional) or eHash Opinion
Something like: SHA-1 is considered to be broken. Please do not incorporate SHA-1 in new application any longer. Try to migrate to another hash function.
