Bruce Schneier writes about a new cryptanalysis attack published recently brings the SHA-1 hashing algorithm increasingly closer to a realistic collision. Considering the SHA-1 algorithm is designed closeley to the principles of MD4 and MD5 hashing algorithms, it seems not a question of if, but a question of when. Bruce writes:
A new attack can, at least in theory, find collisions in 252 hash operations — well within the realm of computational possibility. Assuming the cryptanalysis is correct, we should expect to see an actual SHA-1 collision within the year.
This has little immediate real-world implications on data security since most have moved on to stronger or the SHA-2 family of algorithms which, for now, are safe. Nontheless, the NIST has already begun development on a “SHA-3″ algorithm with publication to be expected in 2012.
More on Bruce Schneier’s blog post.
