SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.
The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results: - collisions in the the full SHA-1 in 269 hash operations, much less than the brute-force attack of 280 operations based on the hash length. - collisions in SHA-0 in 239 operations. - collisions in 58-round SHA-1 in 233 operations.
This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn’t affect applications such as HMAC where collisions aren’t important).
Und das sagt nicht irgendwer, das sagt uns Bruce Schneier…
Tjaaaa, was denn nu mit die Signaturen? Blut?
Update: Bei Heise: Konsequenzen der erfolgreichen Angriffe auf SHA-1.