Post yfw SHA-1 is no moar

Post yfw SHA-1 is no moar.
shattered.it

>theoretical attacks have been known since 2005
>officially deprecated by NIST in 2011
well, just a matter of time

shattered.io/

>officially deprecated by NIST in 2011
And people still use this thing after this?

If you check all 3 (SHA-1, SHA-256 and MD5), how fucked are you?

So what you're saying is that if someone is intercepting messages between my ISP and me and leased time on a supercomputer it's possible that 500 hours later they could give me a file that my browser thought was the correct file but actually wasn't? Zounds!

MD5 was defeated years back, so there's no reason to bother checking it anymore. SHA1 is still moderately safe, at least for the time being, but you should only bother with SHA256.

> they create a fake file that many people download
> send it to you
> botnet!

or

> state actors want to get into your system because you work for Hillary
> and they do
> meanwhile spread a fake story about how they did

>MD5 was defeated years back so there's no reason to bother checking it anymore.
but sometimes that's all you have :(

They... get into my system by creating a hash collision? With what? The password that if they knew what it was they would already have access to my stuff?

This is all mad adorbs how security fetishists get a boner off this stuff, but only two MD5 collisions have ever been demonstrated. Just because two people in the world have the same birthday doesn't mean you've created a birthday-duping algorithm.

MD5 was completely and thoroughly defeated. Weaknesses in MD5 have even been exploited to sign malware used by state actors.

en.wikipedia.org/wiki/Flame_(malware)

SHA1 hasn't been secure for quite a while now.

No, they can't. That would require a preimage attack. This is a collision attack.

does the combination make it stronger tho?

In the same way that adding a few sheets of silk over your kevlar vest makes it safer.

It's a good thing Linux systems download updates through an insecure network then.

Nope, it really only makes the computation take longer. You can use them to detect data corruption, but they're kinda overkill for that purpose.

google spider silk ballistic properties

They are currently only finding collision pairs, not collisions. Both items are created compromised. So both the "real" and "fake" hashes have to be planted rather than any item just being switched in transit.
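
Added example (not from the thread, and not anyone's post): Python with hashlib, using the published Wang et al. MD5 collision pair as embedded test data, since the SHAttered PDFs are too large to inline and MD5 shows the same identical-prefix collision structure. It illustrates the points raised in the "check all 3" question, the "preimage vs. collision" reply and the "both items are created compromised" post above: the two blocks share an MD5 (and keep sharing it under any common suffix), but their SHA-1 and SHA-256 differ, so a verifier that checks every published digest rejects the swapped file, and neither block matches the digest of a pre-existing file, which is the preimage case the attack does not give. The "published release tarball" bytes and the digest dictionaries are constructed for the example.

```python
import hashlib

# Constructed test data: the published Wang et al. MD5 collision pair, two
# 128-byte inputs that differ in six bytes yet hash to the same MD5. Embedded
# as fixed input; this script does not search for collisions itself.
BLOCK_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
BLOCK_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed stand-in for a file that already exists with a published digest.
ORIGINAL = b"constructed stand-in for an already-published release tarball\n"


def digests(data, algos=("md5", "sha1", "sha256")):
    """Hex digests of data under each requested hashlib algorithm."""
    return {a: hashlib.new(a, data).hexdigest() for a in algos}


def differing_offsets(a, b):
    """Byte offsets at which two equal-length inputs differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def verify_all(data, published):
    """Accept data only if it matches every digest the publisher listed.

    published: {"md5": "...", "sha256": "..."} as shown next to a download.
    A single weak digest is all a collision needs; requiring all of them
    means the attacker would need a simultaneous collision in every one.
    """
    actual = digests(data, tuple(published))
    return all(actual[a] == published[a] for a in published)


def swap_accepted(attacker_file, victim_published):
    """Does a verifier holding the published digests accept the swapped file?"""
    return verify_all(attacker_file, victim_published)


def common_suffix_still_collides(suffix):
    """Identical-prefix collisions survive any shared suffix.

    After the two colliding 128-byte prefixes (exactly two MD5 blocks) the
    hash's internal state is identical, so appending the same bytes to both
    keeps the digests equal. The SHAttered PDFs use the same shape: a
    colliding prefix followed by a shared body.
    """
    return (hashlib.md5(BLOCK_A + suffix).digest()
            == hashlib.md5(BLOCK_B + suffix).digest())


if __name__ == "__main__":
    print("differing bytes:", differing_offsets(BLOCK_A, BLOCK_B))
    for name, blk in (("A", BLOCK_A), ("B", BLOCK_B)):
        print(name, digests(blk))
    # The attacker must plant A as the "real" file; B is the swap.
    print("MD5-only verifier accepts swap:",
          swap_accepted(BLOCK_B, {"md5": digests(BLOCK_A)["md5"]}))
    print("MD5+SHA1+SHA256 verifier accepts swap:",
          swap_accepted(BLOCK_B, digests(BLOCK_A)))
    # Neither half of the pair hits the digest of a file the attacker did not craft.
    print("pair matches pre-existing file (preimage):",
          verify_all(BLOCK_A, {"md5": digests(ORIGINAL)["md5"]}))
```

The interesting line for a verifier is `verify_all`: with only `{"md5": ...}` the swapped block passes, with all three digests it fails, and a collision pair gives no way to target `ORIGINAL`'s existing digest at all.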

What the fuck are you doing, paint-by-numbers ASIC design?

>in practice it takes 1 year to actually shatter it

is this pass the headphones new name?

>Has this been abused in the wild?
>Not as far as we know.

>This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations.

>year of Our Lord 2017
>still not using the superior Whirlpool hash function for all your cryptographic hashing needs

silk. not spider silk.

Git BTFO

>This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations.

kek

>tfw you use mercurial

GIDF damage control is in full effect

Nothing a few ASICs can't knock out in a day or so.

Can this technique be leveraged to brute-force WPA2-PSK faster, since it involves 4096 rounds of SHA1?
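
Added example (not from the thread, and not anyone's post): Python with hashlib and hmac showing what the "4096 rounds of SHA1" in WPA2-PSK are. The pairwise master key is PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations and a 32-byte output; the derivation is written out by hand beside hashlib's implementation and checked against the IEEE 802.11 Annex test vector (passphrase "password", SSID "IEEE"). Each round's input is the previous round's HMAC output, so a candidate passphrase costs the full chain, and a collision attack (two chosen inputs with one digest) does not shorten it. The `dictionary_attack` function is a constructed toy that compares PMKs directly; a real attack derives the PTK and checks the captured handshake MIC.

```python
import hashlib
import hmac


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pbkdf2_hmac_sha1_by_hand(password: bytes, salt: bytes,
                             iterations: int, dklen: int) -> bytes:
    """PBKDF2 (RFC 2898) spelled out to show where the rounds are.

    Each 20-byte output block T_i is the XOR of a chain U_1..U_c with
    U_1 = HMAC(P, S || INT(i)) and U_j = HMAC(P, U_{j-1}). Every U_j depends
    on U_{j-1}, so the chain is strictly sequential. A 32-byte key needs two
    20-byte blocks, so one PMK costs 2 * 4096 HMAC-SHA1 calls.
    """
    out = b""
    blocks = -(-dklen // 20)  # ceil(dklen / 20)
    for block_index in range(1, blocks + 1):
        u = hmac.new(password, salt + block_index.to_bytes(4, "big"),
                     hashlib.sha1).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(20, "big")
    return out[:dklen]


def hmac_sha1_calls(dklen: int = 32, iterations: int = 4096) -> int:
    """Number of HMAC-SHA1 evaluations one PBKDF2 derivation costs."""
    return -(-dklen // 20) * iterations


def dictionary_attack(ssid: str, target_pmk: bytes, candidates):
    """Toy offline guess (constructed for this example): recompute the whole
    PBKDF2 chain for each candidate passphrase and compare PMKs. The only
    lever is candidates per second; nothing about a SHA-1 collision lets
    you skip rounds or pick a passphrase that lands on target_pmk."""
    for guess in candidates:
        if hmac.compare_digest(wpa2_pmk(guess, ssid), target_pmk):
            return guess
    return None


if __name__ == "__main__":
    # IEEE 802.11 Annex test vector: passphrase "password", SSID "IEEE".
    pmk = wpa2_pmk("password", "IEEE")
    print("PMK:", pmk.hex())
    print("by-hand matches hashlib:",
          pbkdf2_hmac_sha1_by_hand(b"password", b"IEEE", 4096, 32) == pmk)
    print("HMAC-SHA1 calls per PMK:", hmac_sha1_calls())
    # Constructed candidate list for the toy attack.
    print("recovered:", dictionary_attack("IEEE", pmk, ["letmein", "password", "hunter2"]))
```

The point to take from `pbkdf2_hmac_sha1_by_hand` is the inner loop: round j cannot start until round j-1 has finished, and the passphrase enters every round as the HMAC key, so there is no way to reuse work across candidates beyond running more of them in parallel.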

I didn't mean to reply to your post. Cunt.

>Trusting NIST anything
BLAKE2, Skein, or Whirlpool only.

So buttcoin miners.

Those were competing for NIST standard inclusion too.