Skip the navigation

SHA-1 flaw seen as no risk to one-time password proposal

The vulnerability in the SHA-1 one-way hash function rocked the cryptographic world

By Mark Willoughby
March 22, 2005 12:00 PM ET

Computerworld - The vulnerability in the SHA-1 one-way hash function, which recently rocked the cryptographic world, is not seen as a threat to a new generation of one-time password products based on the encryption standard.
The Initiative for Open Authentication's (Oath) Hashed Message Authentication Code (HMAC), a one-time password (OTP) proposal based on SHA-1, is being promoted as a key technology for broadening the authentication marketplace. Analysts at The Yankee Group in Boston predict that the authentication market will grow at a 12% annual rate, almost doubling from $1.4 billion in 2004 to $2.4 billion in 2008.
A flaw in Oath's proposed OTP standard could dent that growth, but that isn't likely, said Phillip Hallam-Baker, a chief scientist at Oath sponsor VeriSign Inc. in Mountain View, Calif., and other cryptographers.
The vulnerability isn't a threat because less is better when it comes to preventing the reproduction of a hash value, Hallam-Baker said. Oath's algorithm for the one-time password truncates, or discards, bits from the 160-bit hash value produced by SHA-1, he said. Oath's OTP uses only enough bits to produce a six-digit sequential password, deleting the rest.
"To break the Oath password, you'd have to know exactly the hash bits left after truncation. Truncation greatly increases the difficulty of breaking the hash. Since we're not using all the hashed information, a hacker actually has less information available to [him]," which significantly increases the difficulty of breaking the Oath OTP, he said.
SHA-1 is an encryption algorithm developed by the U.S. National Security Agency in 1995 after a weakness was discovered in a predecessor, the Secure Hash Algorithm, or SHA.
Three Chinese cryptographers at Shandong University in February discovered the flaw when they created two different files that produced the same hash value (see story). Cryptographers refer to this type of attack on a hash as a "birthday attack" because the algorithms are frequently described by using the analogy of finding two people with the same birthday in a large crowd.
Any two people randomly selected from a crowd should have unique birthdays, just as cryptographic hashing functions should produce a unique value for every input of clear text. Further, no collisions, or identical hash values, should result from countless inputs of the same text.
The SHA-1 vulnerability demonstrated that an identical hash value could be computed about 2,000 times faster than a so-called brute-force attack, where a hacker tries every possible means, such as guessing passwords and trying various code combinations, to gain entry into a system. In cryptographic terms, finding a method that breaks a cipher faster than a



Our Commenting Policies
2015 Premier 100 nominations open
Premier 100

Computerworld has launched its annual search for outstanding IT leaders who align technology with business goals. Nominate a top IT executive for the 2015 Premier 100 IT Leaders awards now through July 18.