undefined | Better HN

0 pointspawadu8y ago0 comments

Here is my problem with this statement: SHA-1 can be used in different configurations for different applications. Some are secure, some are not.

People making these blanket statement very clearly demonstrate that they don't understand security and cryptography. Do you really want to use a security tool written by such people?

https://plus.google.com/+LinusTorvalds/posts/7tp2gYWQugL

0 comments

CJefferson8y ago

I disagree with Linus here -- there are hashes which are secure in all ways, and hashes which are broken, like SHA1. Why try to figure out where SHA1 is safe?

Also, git's use of SHA1 is completely broken, it's just that no-one (that we know of) has chosen to spend the money required to make evil git repositories (you can't just take existing collisions and use them in git, you would have to go find git-specific ones).

breser8y ago

You'd have to find collisions that are of an identical length and still be useful (i.e. able to do something evil rather than just being a bunch of random data). The current techniques for creating collisions in SHA1 don't make it possible to find identical length collisions. So your statement that nobody has bothered to spend the money to create the collisions is not correct.

Now if you want to say that nobody has spent the time to find a technique to produce identically sized collisions, that would be correct. But that's far from trivial and we don't know that such a technique is guaranteed to exist.

CJefferson8y ago

I think you are behind the times. There is already pairs of identical SHA1s, that do "interesting things", like these two PDFs by Google (and others): http://shattered.io/. Both 422435 bytes.

1 more reply

j / k navigate · click thread line to collapse

0 pointspawadu8y ago0 comments

Here is my problem with this statement: SHA-1 can be used in different configurations for different applications. Some are secure, some are not.

People making these blanket statement very clearly demonstrate that they don't understand security and cryptography. Do you really want to use a security tool written by such people?

https://plus.google.com/+LinusTorvalds/posts/7tp2gYWQugL

0 comments

CJefferson8y ago

I disagree with Linus here -- there are hashes which are secure in all ways, and hashes which are broken, like SHA1. Why try to figure out where SHA1 is safe?

breser8y ago

CJefferson8y ago

I think you are behind the times. There is already pairs of identical SHA1s, that do "interesting things", like these two PDFs by Google (and others): http://shattered.io/. Both 422435 bytes.

1 more reply

j / k navigate · click thread line to collapse