Informative Information for the Uninformed  


SHA1 Collision Irrelevance

In February of 2005, a group of Chinese researchers developed an algorithm for finding SHA1 hash collisions faster than brute force[22]. They proved it possible to find collisions in the full 80-step SHA1 in less than 2^{69} hash operations, about 2,000 times faster than brute force against the theoretical bound of 2^{80} hash operations. The paper also includes search attacks for finding collisions in the 58-step SHA1 in 2^{33} hash operations and in SHA0 in 2^{39} hash operations. The biggest impact of this discovery is on the use of SHA1 hashes in digital signatures and in technologies where one of the preimages is known. By searching for a second preimage which hashes to the same value as the original, a digital signature for the original may theoretically be used to authenticate a forgery.

The SteganRTP reference implementation uses SHA1 solely to compute a bitpad of keying information with a longer, seemingly more random bit distribution than what is likely provided directly by user input as the shared secret. The result of the SHA1 hash of the user's shared secret is used directly as keying information. In order to launch a collision attack against the hash used as the bitpad, the attacker would have to obtain either the original user-supplied shared secret or the hash itself. Because the hash is used directly as keying information, an attacker who possesses it has already compromised the security of the data being obfuscated with it; computing one or more additional preimages which hash to a collision provides no additional value for the attacker.
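The argument above can be checked with a short added example, which is not code from the SteganRTP reference implementation. It assumes the obfuscation step is an XOR against the repeating 20-byte digest; the function names, sample secret and payload are constructed for illustration.

```python
import hashlib
from itertools import cycle


def derive_bitpad(shared_secret: bytes) -> bytes:
    """SHA1 digest of the user's shared secret, used directly as keying information."""
    return hashlib.sha1(shared_secret).digest()


def xor_with_pad(data: bytes, pad: bytes) -> bytes:
    """Assumed obfuscation step: XOR against the repeating pad (self-inverse)."""
    return bytes(b ^ k for b, k in zip(data, cycle(pad)))


def recover_with_digest_only(obfuscated: bytes, digest: bytes) -> bytes:
    """De-obfuscation as seen by a party that holds the digest but never the secret.

    The shared secret does not appear anywhere in this function: the digest alone
    is the key, so any input hashing to the same digest yields the identical pad
    and adds nothing beyond what the digest already gives.
    """
    return xor_with_pad(obfuscated, digest)


def demo():
    secret = b"constructed-sample-shared-secret"      # constructed sample input
    payload = b"constructed sample payload for the covert channel"
    pad = derive_bitpad(secret)
    obfuscated = xor_with_pad(payload, pad)
    return {
        "pad": pad,
        "obfuscated": obfuscated,
        # Legitimate peer: re-derives the pad from the shared secret.
        "peer": xor_with_pad(obfuscated, derive_bitpad(secret)),
        # Holder of the digest only: same result without knowing the secret.
        "digest_only": recover_with_digest_only(obfuscated, pad),
        # A different secret gives a different pad and does not recover the payload.
        "wrong_secret": xor_with_pad(obfuscated, derive_bitpad(b"some other secret")),
        "payload": payload,
    }


if __name__ == "__main__":
    r = demo()
    print("peer recovers payload:       ", r["peer"] == r["payload"])
    print("digest-only recovers payload:", r["digest_only"] == r["payload"])
    print("wrong secret recovers payload:", r["wrong_secret"] == r["payload"])
```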
