Thursday, February 17, 2005

SHA-1 hashing algorithim broken

The Register is reporting that a successful attack against SHA-1 has been found by cryptography researchers in the U.S. and in China, which makes it possible to mount a successful brute-force attack against the algorithim.

However things aren't as bad as they seem, as it's only just about possible to mount the attack with the most powerful machines available today. Although it does mean that the algorithim is no longer beyond the reach of current supercomputers, so if you want your digital signature to be secure against a major government, or an academic with too much time on their hands, then it's time to look elsewhere.

Update: There is a Slashdot story on this one which has some more links and predictably quite a lot of discussion, some of it even makes sense.