Tuesday, 10 January 2012

SHA-1 countdown...

If you are into security then you will probably have already found, (or know) Valerie Aurora, and if you are not then this might not interest you. I was reading some of her stuff and loved this, (so much that I stole^wadapted it.) So, thank you Valerie for:


Life cycles of popular cryptographic hashes (the "Breakout" chart)
Function\Year90919293949596 979899000102030405 06070809
Snefru
MD4
MD5
MD2
RIPEMD
HAVAL-128
SHA-0
SHA-1
RIPEMD-128 [1]
RIPEMD-160
SHA-2 family
KeyUnbrokenWeakenedBroken
[1] Note that 128-bit hashes are at best 2^64 complexity to break;
using a 128-bit hash is irresponsible based on sheer digest length.


So this post may be more of a bookmark than information. Actually I found this wonderful representation  through her blog.valerieaurora.org. I'm sure that there are others that would like to see an updated page with the addition of all of the entries from The Hash Function Lounge.

I remember when MD5 fell and we created our own x509 root certificate. I'm still waiting, like a child waiting for Christmas morning, for SHA-1 to publically fall.

So how many of you have noticed that in 1996 RIPEMD was being attacked and RIPEMD-160 was being created. This seems logical as the attack and development were neither secret. (What is he on about? I'll tell you ;-)

So let us look at the year that SHA-0 was publicly attacked... and the year that its replacement came out... 1995. Four years is a long time in the cryptographic hashes world, (MD4 and HAVAL-128 went from Unbroken to Broken in that time!)

Now I'm not a conspiracy nut (obviously) so I'm not suggesting that the NSA already knew about the vulnerability and did not announce it. The question is... when will the NSA files leak^wdeclasification reveal the time and date that they broke each hash function. (In the UK it is about 30 years for most files, which seems reasonable, but who knows for those over at Fort Meade.)

That reminds me - I must check on my bees.






No comments:

Post a Comment

About this blog

Sort of a test blog... until it isn't