Errr... Um.... Ut-oh. SHA and MD5 (might) Have Collisions

by William Grosso

Related link: http://www.freedom-to-tinker.com/archives/000661.html



Over on Edward Felten's blog, there's some discussion of recent papers announcing collisions in SHA-1. As Felten put it, "Since SHA-1 is the most popular CHF, and the other popular ones are weaker cousins of SHA-1, a break of SHA-1 would be pretty troublesome. For example, it would cast doubt on digital signatures, since it might allow an adversary to cut somebody's signature off one document and paste it (undetectably) onto another document."


Opinions vary on just how serious this could be (for example, this article argues it's not so bad in the short term) but it seems clear that, when you factor in the likely collisions in MD-5, that a fair amount of our cryptographic infrastructure may be weaker than we thought.


If you didn't understand this blog entry, start reading the wikipedia.


The big question: if SHA-1 and MD-5 do have collisions, what should we do?