了解 sha-1 碰撞弱点 [英] Understanding sha-1 collision weakness
问题描述
根据各种来源,寻找 sha-1 冲突的攻击已改进为 2^52 次操作:
According to various sources, attacks looking for sha-1 collisions have been improved to 2^52 operations:
http://www.secureworks.com/research/blog/index.php/2009/6/3/sha-1-collision-attacks-now-252/
我想知道这些发现对未受到攻击的系统有何影响.意思是如果我散列随机数据,碰撞的统计几率是多少?换句话说,最近的研究是否表明暴力生日攻击有更高的机会发现最初提出的碰撞?
What I'd like to know is the implication of these discoveries on systems that are not under attack. Meaning if I hash random data, what are the statistical odds of a collision? Said another way, does the recent research indicate that a brute-force birthday attack has a higher chance of finding collisions that originally proposed?
一些文章,如上面的文章,说通过蛮力获得 SHA-1 碰撞需要 2^80 次操作.大多数消息来源说 2^80 是一个理论数字(我假设是因为即使在其摘要空间上也没有真正完美分布的哈希函数).
Some writeups, like the one above, say that obtaining a SHA-1 collision via brute force would require 2^80 operations. Most sources say that 2^80 is a theoretical number (I assume because no hash function is really distributed perfectly even over its digest space).
那么在基本散列分布中是否有任何已宣布的 sha1 冲突弱点?或者碰撞几率的增加只是引导数学攻击的结果?
So are any of the announced sha1 collision weaknesses in the fundamental hash distribution? Or are the increased odds of collision only the result of guided mathematical attacks?
我意识到这最终只是一场赔率游戏,而且它们是一个非常小的变化,您的第一条消息和第二条消息将导致冲突.我也意识到即使 2^52 也是一个非常大的数字,但我仍然想了解对不受攻击的系统的影响.所以请不要回答别担心".
I realize that in the end it is just a game of odds, and that their is an infinitesimally small change that your first and second messages will result in a collision. I also realize that even 2^52 is a really big number, but I still want to understand the implications for a system not under attack. So please don't answer with "don't worry about it".
推荐答案
在您的链接中宣布的结果是攻击,这是一系列谨慎的、算法选择的步骤,产生的碰撞概率大于会随机攻击.这不是散列函数分布的弱点.好吧,是的,但不是那种使 2^52 数量级的随机攻击有可能成功的类型.
The result announced in your link is an attack, a sequence of careful, algorithmically-chosen steps that generate collisions with greater probability than would a random attack. It is not a weakness in the hash function's distribution. Well, ok, it is, but not of the sort that makes a random attack likely on the order of 2^52 to succeed.
如果没有人试图在您的哈希输出中产生冲突,则此结果不会影响您.
If no one is trying to generate collisions in your hash outputs, this result does not affect you.
这篇关于了解 sha-1 碰撞弱点的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
