I come to bury SHA1, not to praise it

Most cryptography is theoretical research. When it is no longer theoretical, in practice it can become a harmful exploit.

Google and Dutch research institute CWI proved that the SHA1 hash method, first introduced 20 years ago, could produce a duplicate hash from different documents using a technique that consumed significant computational resources: 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase. The exercise was computationally intensive but proved it is within the realm of possibility, especially compared to a brute force attack that would require 12 million GPU compute years.

To read this article in full or to leave a comment, please click here

Network World Security