Senior Post Whore
After reading your ref, and then finding a couple more, I follow what is going on. One would think though that all that related info should be accessible from the project page on the respective boinc project web page. The SHA-1 is going to be replaced anyway according to the references. So this is different than the earlier project that Steve Lux was referencing.Originally Posted by Nflight
Last edited by Brucifer; 11-01-2007 at 06:03 AM.
Member
The Secure Hash Algorithm SHA-1 was long suspected of being weak, and was proven so in 2005 when Chinese researchers found a way to break it with about 2000 times less effort than brute force. So what good does it do to search for collisions when it is already known to be weak?
Smart security people have already switched to better hash algorithms. So the only use I can think of for finding SHA-1 collisions is to attack older systems that still use SHA-1. Or to attack old messages that have been archived.
Hash algorithms are generally used to prevent (undetected) modification of messages, as compared to encryption preventing (unauthorized) reading of messages. If it takes 5 or 20 years to decrypt a message, chances are good that the message is no longer secret by then. But if hashing authenticates some historical evidence, and breaking the hash function provides a way to tamper with the evidence, that could be bad, I think, because there is no time limit in most cases.
In any case, I would not help a foreign country with a cryptographic research project. There might be some exceptions where I knew enough about what they were doing, but for people with no cryptographic expertise, I would advise against it.
Senior Member
Posting Permissions
Reply With Quote