Topic: SHA1

U.S. mulls new digital signature standard

GAITHERSBURG, Md.--A team of Chinese scientists shocked the data security world this year by announcing a flaw in a widely used technique used to create and verify digital signatures in e-mail and on the Web.

Now the U.S. government is trying to figure out what to do about it.

The decade-old algorithm, called the Secure Hashing Algorithm, or SHA-1, is an official federal standard and is embedded in every modern Web browser and operating system. Any change will be expensive and time-consuming--and a poor choice by the government would mean that the successor standard may not survive another 10 years.

"We're going to have to make a decision fairly soon about where to push people," said John Kelsey of the National Institute of Standards and Technology (NIST), which convened a workshop here on the topic Monday. Even though NIST is only technically responsible for government standards-setting, Kelsey noted, "we're likely to get a lot of other people to head in that direction as well."


Re: SHA1

I get the impression people are spending more time trying to "hack" current existing algorithms than actually developing new ones.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: SHA1

I thought the flaw was in MD5? And I thought it only made it slightly faster to brute-force or something, nothing serious.

Re: SHA1

No, they've found collisions in SHA1 as well. It's nowhere near as commonly recurring as MD5 though.

"Programming is like sex: one mistake and you have to support it for the rest of your life."