>>59079588
>theoretical attacks have been known since 2005
>officially deprecated by NIST in 2011
well, just a matter of time
http://shattered.io/
>officially deprecated by NIST in 2011
And people still use this thing after this?
if you check all 3, sha-1, sha-256 and md5, how fucked are you?
So what you're saying is that if someone is intercepting messages between my ISP and me and leased time on a supercomputer it's possible that 500 hours later they could give me a file that my browser thought was the correct file but actually wasn't? Zounds!
>>59080337
MD5 was defeated years back so there's no reason to bother checking it anymore. SHA1 is still moderately safe, at least for the time being, but you should only bother with SHA256.
>>59080351
> they create a fake file that many people download
> send it to you
> botnet!
or
> state actors want to get into your system because you work for Hillary
> and they do
>meanwhile spread a fake story about how they did
>>59080377
>MD5 was defeated years back so there's no reason to bother checking it anymore.
but sometimes that's all you have :(
>>59080382
They... get into my system by creating a hash collision? With what? The password that if they knew what it was they would already have access to my stuff?
This is all mad adorbs how security fetishists get a boner off this stuff, but only two MD5 collisions have ever been demonstrated. Just because two people in the world have the same birthday doesn't mean you've created a birthday-duping algorithm.
>>59080457
MD5 was completely and thoroughly defeated. Weaknesses in MD5 have even been exploited to sign malware that was used by state actors
https://en.wikipedia.org/wiki/Flame_(malware)
>>59079588
SHA1 hasn't been secure for quite a while now.
>>59080351
No, they can't. That would require a preimage attack. This is a collision attack.
>>59080377
does the combination make it stronger tho?
>>59080618
In the same way that adding a few sheets of silk over your kevlar vest makes it safer.
It's a good thing Linux systems download updates through insecure networks then.
>>59080618
Nope, it really only makes the computation take longer. You can use them for data corruption, but they're kinda overkill for that purpose.
>>59080644
google spider silk ballistic properties
They are currently only finding collision pairs, not collisions. Both items are created compromised. So both the "real" and "fake" hashes have to be planted rather than any item just being switched in transit.
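A toy illustration of the collision-versus-preimage point made in the two replies above (>>59080351 and the post just before this one), added here and not posted in the thread: SHA-1 is truncated to 20 bits (an assumption of the example) so that both searches finish in seconds, and the message formats are made up.

```python
"""Toy demo of collision vs. preimage cost (added example, not from the thread).
SHA-1 is truncated to BITS bits (an assumption) so that both searches finish
quickly. For an n-bit digest, finding *any* colliding pair costs about
2**(n/2) hashes (birthday bound), while matching a *given* digest, which is
what swapping a file someone else published would require, costs about 2**n.
"""
import hashlib

BITS = 20  # assumed toy digest size; real SHA-1 is 160 bits


def toy_hash(data: bytes, bits: int = BITS) -> int:
    """SHA-1 truncated to its first `bits` bits (illustration only)."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)


def find_collision_pair(bits: int = BITS):
    """Birthday search where the attacker controls BOTH messages (SHAttered
    style). Returns (msg_a, msg_b, hashes_computed); expect ~2**(bits/2)."""
    seen = {}
    i = 0
    while True:
        msg = b"attacker-chosen-%d" % i  # constructed message format
        h = toy_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


def find_second_preimage(target: bytes, bits: int = BITS):
    """Brute-force a different message with the same toy digest as `target`,
    i.e. what replacing a file you did NOT create would need; expect ~2**bits."""
    want = toy_hash(target, bits)
    i = 0
    while True:
        msg = b"forged-%d" % i  # constructed message format
        if msg != target and toy_hash(msg, bits) == want:
            return msg, i + 1
        i += 1


if __name__ == "__main__":
    a, b, n_coll = find_collision_pair()
    print(f"collision pair after {n_coll} hashes: {a!r} / {b!r}")
    forged, n_pre = find_second_preimage(b"legitimate-release.tar.gz")
    print(f"second preimage after {n_pre} hashes: {forged!r}")
    print(f"preimage/collision ratio ~{n_pre / n_coll:.0f}x (theory ~{2 ** (BITS // 2)}x)")
```

The second search is roughly 2**(BITS/2) times more expensive than the first, which is why a collision pair the attacker built from scratch does not let them forge a match for a file they never controlled.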
>>59080402
What the fuck are you doing, paint-by-numbers ASIC design?
>in practice it takes 1 year to actually shatter it
>>59079588
is this pass the headphones new name?
>>59079588
>Has this been abused in the wild?
>Not as far as we know.
>This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations.
>year of Our Lord 2017
>still not using the superior Whirlpool hash function for all your cryptographic hashing needs
>>59080764
silk. not spider silk.
Git BTFO
>>59081297
>This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations.
kek
>>59081297
>tfw you use mercurial
>>59081310
GIDF damage control is in full effect
>>59081216
>>59081310
Nothing a few ASICs can't knock out in a day or so.
Can this technique be leveraged to brute-force WPA2-PSK faster since it involves 4096 rounds of SHA1?
>>59081339
I didn't mean to reply to your post. Cunt.
>Trusting NIST anything
BLAKE2, Skein, or Whirlpool only.
>>59081310
So buttcoin miners.
>>59081438
Those were competing for NIST standard inclusion too