Security guru Schneier: SHA-1 should be replaced due to CWI’s cryptanalysis

Security guru Bruce Schneier says that SHA-1 should be replaced. On his blog he writes that Intel researcher Jesse Walker estimated that it only costs 2.7 million dollar to break the cryptographic algorithm SHA-1 by renting Amazon servers, using the cryptographic method designed by CWI researcher Marc Stevens.

Publication date
11 Oct 2012

Security guru Bruce Schneier says that SHA-1 should be replaced. On his blog he writes that Intel researcher Jesse Walker estimated that it only costs 2.7 million dollar to break the cryptographic algorithm SHA-1 by renting Amazon servers, using the cryptographic method designed by CWI researcher Marc Stevens. Walker said the costs will drop to 173 thousand dollar in 2018 and to 43 thousand dollar in 2021, based on Moore’s Law.

The news on Schneier’s blog was published in the Netherlands by Webwereld.nl on 8 October. Marc Stevens: “More refined analysis shows that the costs might even be significantly lower. Walker and Schneier’s analysis suggests its worth considering withdrawing SHA-1 in favour of SHA-2 as soon as possible”.

The widely used cryptographic algorithm SHA-1 is used to compute digital fingerprints for https security and digital signatures. Due to significant weaknesses found in SHA-1 and its predecessor MD5 (by Xiaoyun Wang, Marc Stevens and others), the US National Institute for Standards and Technology (NIST) initiated a competition in 2007 to design a new cryptographic standard, SHA-3, to replace MD5, SHA-1 and SHA-2. On 2 October 2012 the winner of this SHA-3 competition was chosen.

Stevens is a member of the CWI Cryptology group, which is headed by Ronald Cramer. This group investigates fundamental cryptographic questions from a broad scientific perspective, particularly from mathematics, computer science and physics. More information on Stevens’ cryptanalytic method to break SHA-1 can be found in his PhD thesis.