Not long after md5, the computation progress has made another victim.
Last week, it was made public that the SHA-1 hash function should be now considered vulnerable. The discovery bring up that the computation to create a collision hash has been dramaticaly reduced. As a consequence, the SHA-1 function can’t warranty anymore the uniquity – and so the integrity – of the hashed object.
There are a few ressources :
This is the natural evolution of cryptography. Stronger cryptography is required against stronger CPU power. In this race, it is now suggested to migrate to SHA-2 whose digest lenghts range from 224 to 512 bits (instead of 160 bits for SHA-1). And until next time, where we will be urged to migrate to SHA-3 ;)
Debian, whose infrastructure was based on SHA-1 (package management, development) is quickly migrating all its keys right now. The procedure the Debian people should follow implies a transition period, where the new key will be signed with the former key, until the latter is revoked. Thus until all peers are updated too, to avoid breaking all the signing infrastruture.
Myself, I ugraded my keys from DSA/1024 bits to RSA/4096 bits (with SHA-2 hashing), so it should be ok for a while. You will find my new key here or linked from the contact page.
MD5 was found vulnerable a few years ago. Recently, a team succeeded in producing a fake CA SSL certificate.
MD5 or SHA-1 is the algorithm used to authenticate the peer in SSL messages. If it gets compromised, and using various combined technics, it becomes possible to do a MiM attack.
But too much noise has been made about it. There is a nice reaction.
Indeed, it still requires a lot of efforts and conditions for the attack to be possible. And the CPU power is still huge : the researchers used not less than a cluster of 200 PS3 to drive the attack. Even with that hardware and engineering, it took until 3 days of intensive computation.
Not everyone can afford it, nor would have much motivation to attack a single user like this.
Security has always been a compromise between usuability and risk. Today, the risk concerning MD5 is still low enough to stop this wind of panic.
Let’s begin the migration to SHA-1 quietly.
Some Md5 password implementation – without a salt, become more insecure than ever. There is an issue right now with WordPress, I hope they will fix it soon !
Check this interesting article.
No need to take out your rainbow tables anymore, just google your hash ! I hope your password is strong enough…
You could also use one of these :