Wednesday, February 16, 2005

SHA-1 Broken

Schneier reports that SHA-1 has been broken. If true, this is an enormous deal - it could have very real security implications on tons of applications.

Of course, you have to wonder if the NSA knew about this years ago.

1 comment:

  1. I guess I'm not sure what the advantage to an intelligence gathering organization would be. Being able to break SHA-1 would give an entity the ability to forge digital signatures, but it does not provide someone the ability to break a cipher. Further, in their role of information assurance, you'd think they'd be responsible for informing our country's economic infrastructure that SHA-1 was broken.

    Still, I wouldn't be suprised if they knew.