Forums
Main Category
General (Technical,...
SHA-1 broken?
 
Notifications
Clear all

SHA-1 broken?

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by Jamie 19 years ago
4 Posts
4 Users
0 Likes
325 Views
RSS
neddy
 neddy
(@neddy)
Posts: 182
Estimable Member
Topic starter
 

http://it.slashdot.org/article.pl?sid=05/02/16/0146218&from=rss

 
Posted : 16/02/2005 12:29 pm
keydet89
 keydet89
(@keydet89)
Posts: 3568
Famed Member
 

I'm not entirely sure that I see the point to this sort of thing. Sure, SHA-1 has been "broken"…but so what? The same holds true with MD5 hashes…again, so what?

When looking at this, one has to also consider how the hashes are used. For example, one use of the hahes is to calculate mathematic fingerprints for a file. Okay, so one might say that those fingerprints are now suspect. I have to ask…how so?

When calculating mathematic fingerprints for a file, many tools use both MD5 and SHA1 hashes. In addition, specific information (i.e., file size, location, etc.) is also collected from the file. So…when considering if this is an issue or not, think about this…what are the chances that someone is capable of modifying the file so that both algorithms return the same hashes as that of the previous file, without modifying the file size, and that the file itself is still functional (for binaries)?

I'd say that the answer to that is extremely slim to none.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

 
Posted : 16/02/2005 2:29 pm
 pestewart
(@pestewart)
Posts: 2
New Member
 

From the point of view of keydet89, I agree.

However if we back away from the process of digital forensics for a moment and look at security in general, I see a huge issue. For example, many vpn's today use a sha-1 algorithm for the ike authentication process. If the hash could in fact be reversed, it may be possible to obtain the original key, or at least a key that could produce the same hash. This is more of a security in general issue than a forensic issue. Sha-1 is a hash algorithm used not only by forensic analysis, but also many other areas where security is required. Although this has less of an impact on the forensic community than the broader security community we must take note. If the allegations about sha-1 are true, then we must widen our scope of potential possiblities when doing our analysis.

 
Posted : 18/02/2005 2:33 am
Jamie
 Jamie
(@jamie)
Posts: 1288
Moderator
 

Yes, this is an interesting topic and one generating some lively discussion on the larger forensic lists. For now (being a bit pushed for time) I'll just take this opportunity to welcome pestewart to the Forensic Focus forums.

Cheers,

Jamie

 
Posted : 21/02/2005 9:45 pm
Forum Jump:
  Previous Topic
Next Topic  
Share: