Faster Computation Will Damage the Internet's Integrity

Discussion in 'other security issues & news' started by lotuseclat79, Oct 8, 2012.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Faster Computation Will Damage the Internet's Integrity.

    -- Tom
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    That's fine. SHA1 has already been replaced by SHA2, which hasn't been shown to have the same weaknesses that MD5 (SHA1 is based on MD5) has. SHA3 is already out and, while not ready for adoption, wouldn't have any of those weaknesses either.
     
  3. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    SHA-2 is also based on MD5. SHA-1 and SHA-2 both use the same Merkle-Damgard construction. That's why they held the SHA-3 competition in the first place -- since SHA-1 had some flaws, they figured these same flaws would affect SHA-2 within the next few years. It turns out that SHA-2 has held up better than they thought back in 2007.

    True, but you have to remember that transitioning is not trivial. A lot of hardware has MD5 and SHA-1 baked in. Most websites don't even support TLS 1.2, even though it has been out for many years. If it takes them this long to transition to TLS 1.2, I can imagine how long it will take them to transition to SHA-3.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yes, this is true. But none of the attacks have been shown to work with SHA2 to date. So while they did assume the same attacks would extend to SHA2 and they may very well do so it's never actually been proven/ shown.

    Right, I agree. But SHA2 is still strong.
     
Loading...
Thread Status:
Not open for further replies.