SHA-1 broken

From Bruce Schneier:

SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.

The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their result

SHA is a US standard hash function which is used in a lot of security application. (SHA-1 is also published as RFC 3174). How bad this news depend how easily to find the collision but we dont know until the papers are made public; But according to Bruce, looks like it still requires some brute-force but just (a lot ) less of it.

Back To Top