理解sha-1碰撞弱点 [英] Understanding sha-1 collision weakness
问题描述
http://www.secureworks.com/research/ blog / index.php / 2009/6/3 / sha-1-collision-attacks-now-252 /
我想知道的是这些发现对未受攻击的系统的暗示。意味着如果我哈希随机数据,什么是碰撞的统计赔率?换句话说,最近的研究表明,暴力生日攻击有更高的机会找到最初提出的冲突。
有些写作,像上面的一样,说通过蛮力获得SHA-1碰撞将需要2 ^ 80次操作。大多数来源说,2 ^ 80是一个理论数字(我假设,因为没有哈希函数真正分布,甚至在其摘要空间)。
那么,在基本哈希分布中发现的任何sha1冲突缺点呢?或者是碰撞的几率只有引导的数学攻击的结果增加吗?
我意识到,最后它只是一个赔率的游戏,他们是一个无穷小小的更改,您的第一和第二条消息将导致冲突。我也意识到,即使2 ^ 52是一个非常大的数字,但我仍然想要了解一个系统的影响不受攻击。
您的链接中公布的结果是一个攻击,这是一系列仔细的,算法选择的步骤,其产生的冲突的概率要大于随机攻击。它不是散列函数分布中的弱点。好吧,确定,这是,但不是排序,使随机攻击可能在2 ^ 52的顺序成功。
如果没有人试图生成您的哈希输出中的冲突,此结果不会影响您。
According to various sources, attacks looking for sha-1 collisions have been improved to 2^52 operations:
http://www.secureworks.com/research/blog/index.php/2009/6/3/sha-1-collision-attacks-now-252/
What I'd like to know is the implication of these discoveries on systems that are not under attack. Meaning if I hash random data, what are the statistical odds of a collision? Said another way, does the recent research indicate that a brute-force birthday attack has a higher chance of finding collisions that originally proposed?
Some writeups, like the one above, say that obtaining a SHA-1 collision via brute force would require 2^80 operations. Most sources say that 2^80 is a theoretical number (I assume because no hash function is really distributed perfectly even over its digest space).
So are any of the announced sha1 collision weaknesses in the fundamental hash distribution? Or are the increased odds of collision only the result of guided mathematical attacks?
I realize that in the end it is just a game of odds, and that their is an infinitesimally small change that your first and second messages will result in a collision. I also realize that even 2^52 is a really big number, but I still want to understand the implications for a system not under attack. So please don't answer with "don't worry about it".
The result announced in your link is an attack, a sequence of careful, algorithmically-chosen steps that generate collisions with greater probability than would a random attack. It is not a weakness in the hash function's distribution. Well, ok, it is, but not of the sort that makes a random attack likely on the order of 2^52 to succeed.
If no one is trying to generate collisions in your hash outputs, this result does not affect you.
这篇关于理解sha-1碰撞弱点的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
