Faster Computation Will Damage the Internet's Integrity

Faster Computation Will Damage the Internet's Integrity.

-- Tom

 

That's fine. SHA1 has already been replaced by SHA2, which hasn't been shown to have the same weaknesses that MD5 (SHA1 is based on MD5) has. SHA3 is already out and, while not ready for adoption, wouldn't have any of those weaknesses either.

 

SHA-2 is also based on MD5. SHA-1 and SHA-2 both use the same Merkle-Damgard construction. That's why they held the SHA-3 competition in the first place -- since SHA-1 had some flaws, they figured these same flaws would affect SHA-2 within the next few years. It turns out that SHA-2 has held up better than they thought back in 2007.

True, but you have to remember that transitioning is not trivial. A lot of hardware has MD5 and SHA-1 baked in. Most websites don't even support TLS 1.2, even though it has been out for many years. If it takes them this long to transition to TLS 1.2, I can imagine how long it will take them to transition to SHA-3.

 

Yes, this is true. But none of the attacks have been shown to work with SHA2 to date. So while they did assume the same attacks would extend to SHA2 and they may very well do so it's never actually been proven/ shown.

Right, I agree. But SHA2 is still strong.