SHA-1 was broken about six years ago now, and even if it was not, whatever has it being used could be broken tomorrow. So it is always better for something important to use two very different hashes. The link to those hashes is not obvious at all from the link to the downloads on the main page. A link to them should be added.
SHA-1 is not broken. It is also highly unlikely it will go from where it stands now to completely broken and unusable for this purpose overnight. That said, I would be in favor of also signing a stronger hash. It is good to stay ahead.
It is broken. Think it was in '05. I remember it being a Chinese paper that showed this. If really need be I can probably dig up the links.
I assume you are referring to this:
Collision Search Attacks on SHA1
This only demonstrates a collision of SHA1 with a reduced number of rounds. Their research does reduce the complexity of an attack on the full 80-round SHA1, but not enough that anyone has been able to produce a full collision.
Scary stuff, and a very good reason to move to something better, but, at least for now, an attacker can't tamper with a file without changing the SHA1 hash.
By the way, I am using the term "broken" to mean that actual collisions have been found or could reasonably be found with current technology. If you use "broken" to mean that there is a known attack faster than a birthday attack, then SHA1 is definitely broken.
Those are the right authors, but not the later paper; they have another one that shows it to be much weaker yet. It came out about 3 or 4 months later. Unfortunately, the authors got denied a visa to present it at a conference in the USA. It would not surprise me to learn they are further along with this now, but have stopped the English papers. It is not recommended to use SHA-1 in any new projects any more. I personally would use two very different hashing algos to publish official binaries for something like bitcoins.
I do think we may be using different definitions. I think you are talking about what I would call cracked, and it is not cracked yet in any public papers I know of.
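Added example, not part of the original thread and not the project's own tooling: a sketch of the two-hash check discussed above, where a download is accepted only if every published digest matches. The function names, the two-algorithm minimum and the choice of SHA-1 plus SHA-256 are assumptions made for illustration; the sample payload is constructed.

```python
import hashlib
import hmac
import io

# Assumed policy for this sketch: a release must publish at least two digests.
REQUIRED_MIN_ALGOS = 2


def digest_stream(stream, algos, chunk_size=1 << 16):
    """Read the stream once and return {algo: hexdigest} for every algorithm."""
    hashers = {name: hashlib.new(name) for name in algos}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_release(stream, published):
    """Return (ok, failures); ok is True only if every published digest matches.

    `published` maps a hashlib algorithm name to the hex digest from the
    (ideally signed) release notes.
    """
    wanted = {k.lower(): v.strip().lower() for k, v in published.items()}
    if len(wanted) < REQUIRED_MIN_ALGOS:
        raise ValueError("need digests from at least two different algorithms")
    actual = digest_stream(stream, sorted(wanted))
    # Constant-time comparison; a mismatch on any single algorithm rejects the file.
    failures = [a for a in sorted(wanted)
                if not hmac.compare_digest(actual[a], wanted[a])]
    return (not failures, failures)


if __name__ == "__main__":
    original = b"constructed release payload\n"   # constructed sample data
    tampered = b"constructed release payl0ad\n"   # constructed sample data
    manifest = digest_stream(io.BytesIO(original), ["sha1", "sha256"])
    print(verify_release(io.BytesIO(original), manifest))   # accepted
    print(verify_release(io.BytesIO(tampered), manifest))   # both digests differ
    # Stand-in for a hypothetical SHA-1 collision: the SHA-1 entry matches the
    # tampered file, yet the second, independent digest still rejects it.
    manifest["sha1"] = hashlib.sha1(tampered).hexdigest()
    print(verify_release(io.BytesIO(tampered), manifest))
```

The digests themselves only help if they reach the user over a channel the attacker cannot also alter, which is why the thread talks about signing them.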