Crypto-Panic Time or Not?

The recent release of a paper detailing the way that a Shandong University team found a significant flaw in the SHA-1 encryption algorithm has caused major ripples in the cryptoanalysis world, and it's time to ask whether the ripples will turn into major waves for folks implementing computer and network security. The answer depends on a couple of major factors--how far into the future you look when making implementation decisions, and how much security is enough for you and your situation.

First, understand what the paper said. One of the ways in which encryption schemes are evaluated is the frequency with which two different strings of text would encrypt (or hash) to the same result. SHA-1 was designed, and had been assumed, to have a collision in 2⁸⁰ operations. The team at Shandong University found a method by which they could reach a collision in only 2⁶⁹ hash operations.

Now, in realistic terms, that still a lot of operations, and it's more than the average hacker is going to be willing to brute force their way through in order to compromise a piece of communication. For the short term, then, there's no need to panic. Over the longer term, though, there is more room for concern.

The real problem is that the Shandong team's results show that there is a problem with SHA-1, and now the likelihood grows that more issues can be found. Since more people are likely to be looking for problems that could very well exist, the result is a lack of confidence in SHA-1. It's time to start looking for a replacement.

Where are the replacements going to come from? The NIST has four hash versions specified in standards; SHA-224, SHA-256, SHA-384, and SHA-512. These are the most likely replacements in the near term. The good news is that the science and art of cryptography keeps moving forward through research like that engaged in at Shandong University. The bad news is that, like all advances, there's going to be just a hint of a growing pain as we move the state of security forward. Get ready.

Thanks to Bruce Schneier for following cryptography more closely than I do, and for explaining the intricacies without dipping more deeply into the math than is absolutely required. His free monthly newsletter is a must for anyone who wants to keep up with what's happening in cryptography and encryption.