Big weakness in SHA-1 found

Bruce Schneier reports that SHA-1 is broken. Detailed results and techniques used are not yet published, but Schneier says that the paper looks good and that the Chinese research team behind it is reputable. I believe the same people were involved in finding the MD-5 collisions last year.

Weaknesses in SHA-1 has been suspected, but I had hoped that the algorithm would prove to be a bit more resistant to attacks than this. It smells of fundamental flaws in an entire group of similar hashes. For strong cryptographic hashing, Whirlpool looks like it might be a good bet, but it's slow and not widely supported.

16 February, 2005