intertwingly

It’s just data

SHA-1 "Broken"


It has been nearly six months since the Collision in MD5 was found, and now the alert is being sounded that SHA1 is "broken".

To put this in perspective, what is being said is that while the original standard required over one septillion hash operations to find a collision, some researchers believe they have found a way to reduce this to under 600 quintillion hash operations.  A 99.95% reduction.

At one hash operation per nanosecond, a collision can be found in less than twenty millennia.  Clearly not quick enough to be able to intercept credit card transactions over the web, but closer to a point where a array of machines could attack a specific document.

I would presume that the bigger concern isn't that a given collision could be found within a matter of years, but that in the upcoming months and years that another 99.95% reduction will be found, and then another...