Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Do we have to move away from SHA-1 immediately

Do we have to move away from SHA-1 immediately

  • Comments 2
  • Likes

Sometimes it is interesting how certain themes keep popping up again and again. But let's start at the beginning:

For example in the field of public key cryptography we make use of so-called hash functions. A hash function is a function which turns data into a number of limited size. For example SHA-1 returns a 160-bit number. These functions (especially SHA-1) are heavily used to digitally sign messages. The core problem with those functions is collision: How likely is it that two (meaningful) messages get the same hash value? This is especially problematic as SHA-1 has only 2^160 possible results. If you need more information about hashes, look at Wikipedia at http://en.wikipedia.org/wiki/Hash_function

Now, a brief look at the theory of statistics: There is something called the Birthday Paradox (the birthday paradox states that given a group of 23 (or more) randomly chosen people, the probability is more than 50% that at least two of them will have the same birthday. For 60 or more people, the probability is greater than 99%, although it cannot actually be 100% unless there are at least 366 people. quote from http://en.wikipedia.org/wiki/Birthday_problem). If you apply this to SHA-1, you reduce the number of attacks to get a collision with more then 50% to 2^80.

Now, this was the basics. On February 13th, a team of Chinese researchers published a paper showing a weakness of SHA-1 that reduces the number of attacks needed to 2^69 (http://theory.csail.mit.edu/~yiqun/shanote.pdf)

This caused certain discussions in the crypto space. But at the end, well, we (the IT pros) have to change the hash algorithm - over time. But not now and not by tomorrow. I think that over time, it is clear that we have to move away from SHA-1 but before we do this, there has to be a consensus what the next standard shall be. Is it Nessie, is it SHA-256 or SHA-384 or SHA-512? I personally think that the situation is similar to the one regarding 3DES. It was decided to move to another symmetric algorithm and then it took some time until Blowfish was selected (and is now called AES) and now the software vendors started to migrate.

99.999% of all the applications, in my opinion, will be able to live even with the risk for a collision of 1:2^69. If you are within the remainder, then you should probably think about migrating

Roger

Comments
  • I thought that for AES Rijndael was chosen not Blowfish.

  • I think you mispelled Rijndael as Blowfish. :)

    Blowfish was indeed one of the competitors being considered for AES, but Rijndael won at the end.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment