SHA-1 Broken? Tell me it ain't so…

But alas, it looks like it is.  See here-

For those needing some background on hashes see:




Comments (2)

  1. zzz says:

    Reading Slashdot, I got the idea that while they managed to get a collision, that was just with a very specially crafted input. So while interesting, there’s no practical use for the fact.

  2. Jerry Pisk says:

    That depends on your definition of broken. The described attack allows you to create two inputs that hash to the same value (which was always possible) but not to create an input from a hash. So if you get hold of password hashes you still won’t be able to retrieve the passwords with anything better than brute force. Of course if they publish the details it may lead to other smart people finding more weaknesses in the algorithm.
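
The comments above turn on the difference between finding a collision (any two inputs with the same hash) and finding a preimage (an input for one given hash). The following Python code is an added example, not part of the post or its comments; it truncates SHA-1 to 24 bits, an assumption made so that a generic search finishes quickly, and the function names and sample strings are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 24  # assumption: toy size; real SHA-1 output is 160 bits


def h(data: bytes) -> int:
    """SHA-1 truncated to its first BITS bits (toy stand-in for the full hash)."""
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - BITS)


def find_collision():
    """Generic birthday search: ANY two distinct inputs with the same hash.

    Expected work is on the order of 2^(BITS/2) hash calls.
    """
    seen = {}
    for i in count():
        msg = b"msg-%d" % i          # constructed inputs
        tag = h(msg)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


def find_preimage(target: int, limit: int):
    """Brute-force search for an input hashing to ONE fixed target.

    Expected work is on the order of 2^BITS hash calls; gives up after `limit`.
    """
    for i in range(limit):
        msg = b"guess-%d" % i        # constructed inputs
        if h(msg) == target:
            return msg, i + 1
    return None, limit


if __name__ == "__main__":
    a, b, tries = find_collision()
    print(f"collision after {tries} hashes: {a!r} / {b!r} -> {h(a):06x}")

    # Stand-in for a stored password hash (constructed sample value).
    target = h(b"stored password (constructed sample)")
    msg, used = find_preimage(target, limit=tries * 16)
    outcome = repr(msg) if msg else "no preimage found"
    print(f"preimage search, {used} hashes: {outcome}")
    print(f"generic cost at {BITS} bits: ~2^{BITS // 2} vs ~2^{BITS}")
    print("generic cost at 160 bits: ~2^80 vs ~2^160")
```

A collision attack faster than the generic birthday bound lowers only the first figure, which matters wherever two different inputs must not share a digest (signatures, certificates) but does not by itself make a stored hash reversible.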

