Join Log in
Score:4
Hormoz avatar Crypto

How secure is SHA-1 against preimage attacks currently?

us flag
Hormoz

We know that SHA-1 is susceptible to collision attacks, but what about pre-image attacks such as poisoning torrents?

1733
1 + 0
Score:11
Daniel S avatar Crypto
ru flag
Daniel S

To my knowledge, the SHA-1 hash function is still believed to have 160-bits of pre-image resistance against classical computation.

There have been results showing that reducing the number of rounds in SHA-1 to below the stipulated 80 allow pre-images to be found subexhaustively. Specifically, De Canniere and Rechberger's Crypto 2008 paper Preimages for Reduced SHA-0 and SHA-1 claim a pre-image attack taking on 44-round SHA-1 roughly $2^{157}$ evaluations. This seems to indicate that cryptanalysis is not yet close to a full pre-image attack.

Nevertheless, SHA-1 should be deprecated as the collision attack means that it should not be offered as a legacy option in cryptographic libraries in order to avoid downgrade attacks in applications where collision resistance is required.

+ 5
kodlu avatar
sa flag
kodlu
thanks for this informative answer, so to my understanding the state of the art for pre-image (unlike collision) has not really improved.
2
Reply
forest avatar
vn flag
forest
Even MD5 is quite preimage resistant (though you still shouldn't use it!).
1
Reply
Daniel S avatar
ru flag
Daniel S
@forest True, but also worth mentioning the impressive work by Sasaki and Aoki finding a [subexhaustive attack on MD5 preimage](https://iacr.org/archive/eurocrypt2009/54790136/54790136.pdf).
0
Reply
kelalaka avatar
in flag
kelalaka
@kodlu collision attack is the first one to break since it gives the attacker more control.
0
Reply
kelalaka avatar
in flag
kelalaka
@DanielS the MD5's attack's real cost is larger than the direct brute force in practice. The main reason is the memory cost. The attack's real cost must be counted with the memory cost, too, That is always mentioned by DJB. Consider the novel DES attacks ( linear and differential), they are faster, however, the real cost is much higher so that none ever build them, we have only brute-force attacks on DES.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.