Questions tagged [sha-1]

SHA-1 is a hash function that is two generations old. It is no longer considered secure for all uses and should only be used for backward compatibility.

SHA-1 is a cryptographic function that is no longer considered collision-resistant and should only be used for backward compatibility.

"Federal agencies should stop using SHA-1 ... as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010."

284 questions
78 votes, 1 answer

How easy is it in 2022 to find a SHA1 collision?

Most of the answers I can find date from years back, when the first collision(s) were found, but hardware, mainly GPUs, has progressed a lot in the past few years (with, for example, the new line of 3090s coming). How easy is it to do so right now?
Hormoz
24 votes, 2 answers

Why initialize SHA1 with specific buffer?

SHA-1 is initialized with a specific buffer: h0 = 0x67452301, h1 = 0xEFCDAB89, h2 = 0x98BADCFE, h3 = 0x10325476, h4 = 0xC3D2E1F0. Why?
juaninf
11 votes, 2 answers

Why can't they just fix SHA-1 if it's broken?

Presently 160 bits of hash block width seems to provide adequate security against brute force attacks. The recent developments concerning SHA-1 have reduced the effort to force collisions by 5 orders of magnitude according to the latest Wikipedia…
Paul Uszak
7 votes, 3 answers

Is Base64(SHA1(GUID)) still unique like the original GUID?

Basically what the title is; GUIDs are unique by design. If you run the GUID through SHA1 and then Base64 the hash, will the resulting string have the same guaranteed uniqueness as the GUID, or not?
John
6 votes, 3 answers

Calculating the amount of zero bits to be appended to the message

From FIPS 180-3: Suppose that the length of the message, $M$, is $l$ bits. Append the bit $1$ to the end of the message, followed by $k$ zero bits, where $k$ is the smallest, non-negative solution to the equation $l + 1 + k \equiv 448 \pmod{512}$.…
Stijn
6 votes, 1 answer

How is it possible to detect "unknown SHA-1 cryptanalytic collision attacks given just a single file from a colliding file pair"?

The following description from http://shattered.it caught my eye: How do I detect this attack? You can use the online tool above to submit files and have them checked for a cryptanalytic collision attack on SHA-1. The code behind this was developed…
cmeeren
6 votes, 2 answers

Different implementations of SHA1, which one is correct?

I have noticed that different implementations of SHA1 give different results. As I'm currently programming my own SHA1 implementation (in MATLAB / GNU Octave), I wonder which one I should follow? There are several implementations of SHA1 in Rosetta…
nrz
2 votes, 3 answers

Changing SHA-1 constants and functions: Does it affect security?

I have been looking into the SHA-1 algorithm. I found that there are a set of functions and constants in the algorithm that have been standardized (section 5 of RFC 3174). If I want to use SHA-1, which I know is not advisable, does changing the…
Abdulahi
2 votes, 1 answer

SHA-1: number of possible inputs, number of possible outputs, how many inputs have the same output,

From Wikipedia I read SHA-1 function produces an output of 160 bits and expects a max message size of $2^{64}-1$ bits. Is that right? If I order all possible inputs I would produce $\approx 2^{2^{64}}$ different bit array inputs, right? Not sure at…
Eduard
1 vote, 1 answer

Are chosen-prefix collisions for SHA-1 a major threat?

GPG signing of Git commit tags relies on the collision resistance of SHA-1, which is weak. However, the attacker does not get to choose the prefix. How much does this translate to an actual vulnerability?
Demi
1 vote, 0 answers

Impact of Git's use of SHA-1?

Git uses SHA-1, and it is common to sign Git commit or tag hashes to authenticate a repo. Is this insecure now?
Demi
1 vote, 1 answer

Verifying identity using a sha-1 hash

I was reading http://blog.zorinaq.com/?e=74 which is about a Windows kernel developer. The developer proves that he is an actual developer by posting the SHA1 hash of a particular revision of a file. The actual hash values have been redacted, but I…
bobby
1 vote, 1 answer

Why do we have fixed output length in the algorithm SHA1

Why do we have fixed output length in the algorithm SHA1? Is there any explanation about that?
Fuad Ahmad
1 vote, 2 answers

SHA1 multipart calculation

Is it possible to combine SHA1 digest values to get the SHA1 of the concatenated parts? I know the "S1" SHA1 of "part 1" and the "S2" SHA1 of "part 2", and I would like to know the SHA1 of "part 1" concatenated with "part 2" calculated from…
1 vote, 2 answers

SHA-1 collision resistance proof

I'm searching for why SHA-1 is collision resistant. Could anybody help me with the proof or tell me where I can find this proof?
juaninf