Now that SHA-1 is cracked...

Hi,

Now that SHA-1 is cracked I am wondering how is MS dealing with this? I am
wondering how do I create a new SSL certificate with SHA-256 or 512. Cant
seem to create one for IIS.

G.

Matt
Mon Feb 21 14:02:31 CST 2005

SHA-1 Is not "Cracked"

Read before you panic and spread FUD.

Matt Gibson - GSEC

"George Spiro" <spam@spam.com> wrote in message
news:uDjYcxEGFHA.348@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> Now that SHA-1 is cracked I am wondering how is MS dealing with this? I am
> wondering how do I create a new SSL certificate with SHA-256 or 512. Cant
> seem to create one for IIS.
>
> G.
>
>
>

Galen
Mon Feb 21 17:50:07 CST 2005

In news:u5NlDBFGFHA.1084@tk2msftngp13.phx.gbl,
Matt Gibson <mattg@blueedgetech.ca> had this to say:


> SHA-1 Is not "Cracked"
>
> Read before you panic and spread FUD.
>
> Matt Gibson - GSEC

From Google:

SHA-1 cracked!:
http://www.techspot.com/story17011.html

Perhaps the OP has been reading the news?

Galen
--

"My mind rebels at stagnation. Give me problems, give me work, give me
the most abstruse cryptogram or the most intricate analysis, and I am
in my own proper atmosphere. I can dispense then with artificial
stimulants. But I abhor the dull routine of existence. I crave for
mental exaltation." -- Sherlock Holmes

Paul
Mon Feb 21 19:33:57 CST 2005

In article <e4RayUHGFHA.560@TK2MSFTNGP15.phx.gbl>, in the
microsoft.public.windows.server.security news group, Galen <galennews@gmail.com> says...

> From Google:
>
> SHA-1 cracked!:
> http://www.techspot.com/story17011.html
>
> Perhaps the OP has been reading the news?
>

Irresponsible journalism at its worst, and you obviously don't know enough about cryptography
to understand the issues here. SHA-1 has not been cracked, the researchers have simply
determined that rather than finding collisions in 2*80 they can find them with 2*69. While
that is 2048 times easier to find a collision, SHA-1 has not been cracked at all. I'd suggest
that rather than reading the news you spend some time researching cryptography.

--
Paul Adare
"On two occasions, I have been asked [by members of Parliament],
'Pray, Mr. Babbage, if you put into the machine wrong figures,
will the right answers come out?' I am not able to rightly apprehend
the kind of confusion of ideas that could provoke such a question."
-- Charles Babbage (1791-1871)

Galen
Mon Feb 21 20:01:47 CST 2005

In news:MPG.1c8456109ec808b8989ba7@msnews.microsoft.com,
Paul Adare <padare@newsguy.com> had this to say:

> Irresponsible journalism at its worst, and you obviously don't know
> enough about cryptography to understand the issues here. SHA-1 has
> not been cracked, the researchers have simply determined that rather
> than finding collisions in 2*80 they can find them with 2*69. While
> that is 2048 times easier to find a collision, SHA-1 has not been
> cracked at all. I'd suggest that rather than reading the news you
> spend some time researching cryptography.

How snide... At what point did I say that I knew anything about
cryptography??? I think, if you look at my post, all I did was point to
where the OP had gotten the information. I made no comment of the veracity
of the post, the news, nor of Matt's statement. In fact, having read a great
deal of Matt's posts in the past I tend to trust what he says. My post was
only referring to the origin of the OP's post.

Galen
--

"My mind rebels at stagnation. Give me problems, give me work, give me
the most abstruse cryptogram or the most intricate analysis, and I am
in my own proper atmosphere. I can dispense then with artificial
stimulants. But I abhor the dull routine of existence. I crave for
mental exaltation." -- Sherlock Holmes

Paul
Mon Feb 21 21:03:30 CST 2005

In article <O1nK6JIGFHA.3648@TK2MSFTNGP09.phx.gbl>, in the
microsoft.public.windows.server.security news group, Galen
<galennews@gmail.com> says...

> How snide... At what point did I say that I knew anything about
> cryptography??? I think, if you look at my post, all I did was point to
> where the OP had gotten the information. I made no comment of the veracity
> of the post, the news, nor of Matt's statement. In fact, having read a great
> deal of Matt's posts in the past I tend to trust what he says. My post was
> only referring to the origin of the OP's post.
>

My apologies. I meant to follow up to the OP and not to your post. Had
the wrong one selected when I posted.

--
Paul Adare
"On two occasions, I have been asked [by members of Parliament],
'Pray, Mr. Babbage, if you put into the machine wrong figures,
will the right answers come out?' I am not able to rightly apprehend
the kind of confusion of ideas that could provoke such a question."
-- Charles Babbage (1791-1871)

Galen
Mon Feb 21 21:47:39 CST 2005

In news:MPG.1c846b0c84d65075989ba8@msnews.microsoft.com,
Paul Adare <padare@newsguy.com> had this to say:


> My apologies. I meant to follow up to the OP and not to your post. Had
> the wrong one selected when I posted.

Certainly and happily accepted and understood. Your statement were correct
as it's not "cracked" just shows that there's a vulnerability that COULD (in
theory) be exploited eventually with the computers of today if I'm reading
properly. The concept is theory and the papers have not been examined by the
general community. I hope, for the 'net's sake, that if the papers are
released that they are incorrect. I do believe in full disclosure under some
circumstances, this is not one of them. I enjoy the comfort of shopping
online a bit too much and often spend a great deal of money online. My post,
I too should apologize, should have been more clear as it was in support of
Matt's statement. It was my thought at the time that people might click on
the link and read, from there they'd hopefully find out that theoretically
there's a vulnerability and that there's nothing to be concerned about at
this time and that the OP was indeed spreading FUD originally generated by
an over-eager sky-is-falling media.

In response, in theory, there's a potential vulnerability in everything you
do online or off but in an effort to not wax philosophical I'll leave it at
that. The only secure transaction is one that you make in person with cash
and even then you might be getting ripped off. The only secure computer is
one that isn't capable of being turned on. Everything else has a potential
risk be it obscure or minimal there is always a risk. With one of my
favorite quotes I will leave this... I'm not sure if it's attributable to
anyone specifically. "Security is not an application, it's a process." If
anyone knows who that should be attributed to please feel free to drop the
name off (and hopefully some sort of evidence that it was that person) in a
later post as this has been a nagging thought.

Galen

--

"My mind rebels at stagnation. Give me problems, give me work, give me
the most abstruse cryptogram or the most intricate analysis, and I am
in my own proper atmosphere. I can dispense then with artificial
stimulants. But I abhor the dull routine of existence. I crave for
mental exaltation." -- Sherlock Holmes

Matt
Mon Feb 21 22:14:04 CST 2005

Galen,

There's a few things that should be said on all these "SHA-1 is cracked"
sites that rarely is.

A) No one has seen this paper that claims to have found a collision in SHA-1
in less than brute force attempts. It has not been released to the public,
so no memebers of the crypto community have had a chance to review it.

B) In the 2-3 page abstract from this paper, they state that their collision
was found with out the padding needed by SHA-1. So this may not be of any
real world use, as all (that I know of) SHA-1 implementations use padding
(as they're supposed to), and this attack may not work against padded
implementations.

C) Say the paper is right, and they can now break SHA-1 in ~2^53 attempts.
What does this mean to most people? Nothing. With these attacks, you
cannot just get "I will give you 1 million dollars" to "I will give you 10
million dollars". You'd have a better chance of getting "09sdfkj3uih3wi8"
to hash to the same value.

This is a prime example of how the media (and the uninformed tech community)
spreads FUD.

Matt Gibson - GSEC


"Galen" <galennews@gmail.com> wrote in message
news:e4RayUHGFHA.560@TK2MSFTNGP15.phx.gbl...
> In news:u5NlDBFGFHA.1084@tk2msftngp13.phx.gbl,
> Matt Gibson <mattg@blueedgetech.ca> had this to say:
>
>
>> SHA-1 Is not "Cracked"
>>
>> Read before you panic and spread FUD.
>>
>> Matt Gibson - GSEC
>
> From Google:
>
> SHA-1 cracked!:
> http://www.techspot.com/story17011.html
>
> Perhaps the OP has been reading the news?
>
> Galen
> --
>
> "My mind rebels at stagnation. Give me problems, give me work, give me
> the most abstruse cryptogram or the most intricate analysis, and I am
> in my own proper atmosphere. I can dispense then with artificial
> stimulants. But I abhor the dull routine of existence. I crave for
> mental exaltation." -- Sherlock Holmes
>
>

Galen
Mon Feb 21 23:04:05 CST 2005

In news:eO5MzTJGFHA.3492@TK2MSFTNGP12.phx.gbl,
Matt Gibson <mattg@blueedgetech.ca> had this to say:

> There's a few things that should be said on all these "SHA-1 is
> cracked" sites that rarely is.

Having read (indeed you're flagged an ugly magenta color by default with
OE -- sorry about that but I was running out of choices) a number of your
posts in the past I've found that I have never been able to find one flaw in
a single post you've sent unless it was a typo and in that case I probably
didn't even notice that. I have even read your papers about securing SMS
2000, I thought that it was well written and informative by the way. My
statement, just so you're aware, was just to show why the OP might have
thought that this was "reliable information." People, I think this is more
true of Western culture, tend to believe the news which, more often than
not, is biased in an effort to get a reaction, more readers/watchers, and
greater status.

What's more, in these "news sites," they should mention the vast amount of
computing power and time that it would take to accomplish this task even if
it's true. I use in this message the term "news" lightly and I hope that
you'll allow me to do so as I don't tend to think of blogs as a reliable
news medium nor do I follow much in the way of corporate sponsored news.

Mayhaps I should have put a "*chuckle*" behind the post about the OP reading
the news so that you were aware that I was agreeing with you and not
claiming the news was valid. Alas, I did not. I place these type of posts on
par with the people who post "I heard that MSN was going to shut down MSN
Messenger tomorrow at 9:00 AM if I didn't post this message to 100 people.
Is this true?" (Usually posted in all caps with a vague topic and a real
email address. Not to worry, they'll be back in three days asking about a
virus and in ten asking about all the spam they're receiving.)

Anyhow, there's no hope in changing the media and even smaller hope in
halting the number of questions which we'll receive about vague forms of
possible security threats. The best thing I can think of to tell people is
that the lines drawn for security are based on the person themselves and
what they want to get from the internet. If it's so valuable to them that
they're truly willing to risk the danger then it's something they should
do -- provided they've made an informed choice and are aware of the risks
before making the decision.

Galen
--

"My mind rebels at stagnation. Give me problems, give me work, give me
the most abstruse cryptogram or the most intricate analysis, and I am
in my own proper atmosphere. I can dispense then with artificial
stimulants. But I abhor the dull routine of existence. I crave for
mental exaltation." -- Sherlock Holmes

Roland
Tue Feb 22 00:02:14 CST 2005

"Galen" wrote in message news:%23XtOLwJGFHA.3732@tk2msftngp13.phx.gbl...
: In news:eO5MzTJGFHA.3492@TK2MSFTNGP12.phx.gbl,
: Matt Gibson <mattg@blueedgetech.ca> had this to say:
:
: "I heard that MSN was going to shut down MSN
: Messenger tomorrow at 9:00 AM if I didn't post this message to 100 people.
: Is this true?"

Is this true? Looking forward to 9am!! *bing bing bing*

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
How-to: Windows 2000 DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201
FAQ W2K/2K3 DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;291382

Matt
Tue Feb 22 00:16:04 CST 2005

Sorry Galen!

After reading through the thread with a little more care, I noticed your
post farther down explaining all that!

Many thanks for the words of praise...hopefully I'll live up to your
expectations ;)

It'll be intresting to see what the paper actually has to offer. I have a
feeling we'll see a lot of hasty retractions after it comes out.

If anyone's at all worried about the recent problems with MD5, SHA-0 and (it
would seem) SHA-1, all they need to do is use more than one hashing
function. I'd like to see someone come up with a collision in more than one
(non-related) hash algo at once.

Matt Gibson - GSEC


"Galen" <galennews@gmail.com> wrote in message
news:%23XtOLwJGFHA.3732@tk2msftngp13.phx.gbl...
> In news:eO5MzTJGFHA.3492@TK2MSFTNGP12.phx.gbl,
> Matt Gibson <mattg@blueedgetech.ca> had this to say:
>
>> There's a few things that should be said on all these "SHA-1 is
>> cracked" sites that rarely is.
>
> Having read (indeed you're flagged an ugly magenta color by default with
> OE -- sorry about that but I was running out of choices) a number of your
> posts in the past I've found that I have never been able to find one flaw
> in
> a single post you've sent unless it was a typo and in that case I probably
> didn't even notice that. I have even read your papers about securing SMS
> 2000, I thought that it was well written and informative by the way. My
> statement, just so you're aware, was just to show why the OP might have
> thought that this was "reliable information." People, I think this is more
> true of Western culture, tend to believe the news which, more often than
> not, is biased in an effort to get a reaction, more readers/watchers, and
> greater status.
>
> What's more, in these "news sites," they should mention the vast amount of
> computing power and time that it would take to accomplish this task even
> if
> it's true. I use in this message the term "news" lightly and I hope that
> you'll allow me to do so as I don't tend to think of blogs as a reliable
> news medium nor do I follow much in the way of corporate sponsored news.
>
> Mayhaps I should have put a "*chuckle*" behind the post about the OP
> reading
> the news so that you were aware that I was agreeing with you and not
> claiming the news was valid. Alas, I did not. I place these type of posts
> on
> par with the people who post "I heard that MSN was going to shut down MSN
> Messenger tomorrow at 9:00 AM if I didn't post this message to 100 people.
> Is this true?" (Usually posted in all caps with a vague topic and a real
> email address. Not to worry, they'll be back in three days asking about a
> virus and in ten asking about all the spam they're receiving.)
>
> Anyhow, there's no hope in changing the media and even smaller hope in
> halting the number of questions which we'll receive about vague forms of
> possible security threats. The best thing I can think of to tell people is
> that the lines drawn for security are based on the person themselves and
> what they want to get from the internet. If it's so valuable to them that
> they're truly willing to risk the danger then it's something they should
> do -- provided they've made an informed choice and are aware of the risks
> before making the decision.
>
> Galen
> --
>
> "My mind rebels at stagnation. Give me problems, give me work, give me
> the most abstruse cryptogram or the most intricate analysis, and I am
> in my own proper atmosphere. I can dispense then with artificial
> stimulants. But I abhor the dull routine of existence. I crave for
> mental exaltation." -- Sherlock Holmes
>
>

thurberk
Tue Feb 22 08:59:44 CST 2005

Matt Gibson wrote:
<snip A and B>
> C) Say the paper is right, and they can now break SHA-1 in ~2^53
attempts.
> What does this mean to most people? Nothing. With these attacks,
you
> cannot just get "I will give you 1 million dollars" to "I will give
you 10
> million dollars". You'd have a better chance of getting
"09sdfkj3uih3wi8"
> to hash to the same value.

Certainly true--this alleged vulnerability has no measurable effect on
signed messages. However and unfortunately, some applications use
SHA-1 as a more basic building block of their security. The most
common example, of course, is storing the hash of a password in an
accessible xml file, and authenticating the user if a hash of his input
matches the hash in the xml file. Assuming that the Chinese can do
everything they claim, and that the padding problem can likewise be
overcome, these collisions surely reduce the security of such
applications by the advertised amount.

Matt
Tue Feb 22 11:56:49 CST 2005

Agreed.

Matt Gibson - GSEC

<thurberk@cscsw.com> wrote in message
news:1109084384.464291.145630@c13g2000cwb.googlegroups.com...
> Matt Gibson wrote:
> <snip A and B>
>> C) Say the paper is right, and they can now break SHA-1 in ~2^53
> attempts.
>> What does this mean to most people? Nothing. With these attacks,
> you
>> cannot just get "I will give you 1 million dollars" to "I will give
> you 10
>> million dollars". You'd have a better chance of getting
> "09sdfkj3uih3wi8"
>> to hash to the same value.
>
> Certainly true--this alleged vulnerability has no measurable effect on
> signed messages. However and unfortunately, some applications use
> SHA-1 as a more basic building block of their security. The most
> common example, of course, is storing the hash of a password in an
> accessible xml file, and authenticating the user if a hash of his input
> matches the hash in the xml file. Assuming that the Chinese can do
> everything they claim, and that the padding problem can likewise be
> overcome, these collisions surely reduce the security of such
> applications by the advertised amount.
>

jeff
Wed Feb 23 21:34:10 CST 2005

On Mon, 21 Feb 2005 14:34:15 -0500, "George Spiro" <spam@spam.com>
wrote:

>Now that SHA-1 is cracked I am wondering how is MS dealing with this? I am
>wondering how do I create a new SSL certificate with SHA-256 or 512. Cant
>seem to create one for IIS.

Nice troll. Your answer is "you can't".

Jeff