A while back, I talked about how cracks were forming in the MD5 hash algorithm, and spoke a bit about my solution to this:
As for my immediate problem, I’ll be switching my hash algorithm to SHA-1, since it’s a 160-bit cipher, there are lots of readily available implementations, and as far as anyone knows, it’s never been weakened.
And today? This:
SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.
The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results:
This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures.