2005/02/22
SHA1 Broken
According to a number of places, but primarily Bruce Schneier, SHA-1 has been broken by a team of researchers in China. It's not time to panic if you're using it, but it is time to start thinking about a replacement.
Schneier notes that hashing isn't very well understood. Encryption, he notes, is much better understood and therefore more secure. Unlike RSA's SecurID and other token-based two-factor authentication systems, WiKID uses asymmetric cryptography in our WiKID Strong Authentication System.
It seems as though researchers are improving their ability to break hashing systems. Scott Contini and Yiqun Lisa Yin published a paper on Fast Software-Based Attacks on SecurID.
While their research isn't a smoking gun, they make a solid case for not recycling your tokens, which is frequently done.
Schneier notes that hashing isn't very well understood. Encryption, he notes, is much better understood and therefore more secure. Unlike RSA's SecurID and other token-based two-factor authentication systems, WiKID uses asymmetric cryptography in our WiKID Strong Authentication System.
It seems as though researchers are improving their ability to break hashing systems. Scott Contini and Yiqun Lisa Yin published a paper on Fast Software-Based Attacks on SecurID.
While their research isn't a smoking gun, they make a solid case for not recycling your tokens, which is frequently done.
- Category(s)
- Miscellaneous
- Authentication Attacks
- The URL to Trackback this entry is:
- http://www.wikidsystems.net/WiKIDBlog/9/tbping
Digg this!
Del.ico.us
Google
Yahoo bookmarks
Reddit
Spurl
Simpy
