How secure is a partial 64bit hash of a SHA1 160bit hash?


So http://en.wikipedia.org/wiki/SHA-1 SHA-1 produces a 160-bit
(20-byte) hash valueand As of 2012, the most efficient attack
against SHA-1 is considered to be the one by Marc Stevens with an
estimated cost of $2.77M to break a single hash value by renting CPU
power from cloud serversWith a theoretical attack taking 2^60
operationsSo if a custom verification algorithm only the first 64bits
of the full hash how secure is that? How many operations would it
require?
> Hash[:a,2,:b,4]
=> {:a=>2, :b=>4}

> Hash[:a,1]
=> {:a=>1}
> Hash[[:a,1]]

=> {}
> Hash[[[:a,1]]]
=> {:a=>1} />
Programming Languages

My problem is a bit hairy, and I may be asking the wrong questions,
so please bear with me...


I have a legacy MySQL database
which stores the user passwords & salts for a membership system.
Both of these values have been hashed using the Ruby framework -
roughly like this:


hashedsalt =

Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--")




hashedpassword =

Digest::SHA1.hexdigest("#{hashedsalt}:#{password}")


So
both values are stored as 40-character strings (varchar(40)) in MySQL.


Now I need to import all of these users into the ASP.NET
membership

Programming Languages

Can anyone shed some knowledge on this?


My answer is
no, it is not true, because SHA1 has a strong collision resistant
property.

Web Design

I'm currently using the built-in methods in Windows Phone and
Silverlight to create a SHA1 hash of a string. This is the
code:


private static string CalculateSHA1(string
text)
{
SHA1Managed s = new SHA1Managed();

UTF8Encoding enc = new UTF8Encoding();

s.ComputeHash(enc.GetBytes(text.ToCharArray()));

System.Diagnostics.Debug.WriteLine("Original Text {0}, Access {1}",
text, Convert.ToBase64String(s.Hash));
return
Convert.ToBase64String(s.Hash);
}

For
example, I tried generating a hash for this string: "hello".

/>

Silverlight Output:

Programming Languages

I have a code in PHP and that is below when i Execute the Below PHP
code and when i Run the C# code which is below PHP Code i got
different Result I dont know where I am wrong.

/>$accessID = "member-1681fca809";
$secretKey =
"63f22236ab43b69462b3272b110e3c78";
$expires = 1357039353; />$stringToSign = $accessID."
".$expires;
$binarySignature =
hash_hmac('sha1', $stringToSign, $secretKey, true); />$urlSafeSignature = urlencode(base64_encode($binarySignature)); />print_r($expires);
print_r($urlSafeSignature);
I got
Output
1357039353
M1PZW2DYVzdRV1l4ZHBPAmiv9iM%3D />

<
C & C++ & C#
So http://en.wikipedia.org/wiki/SHA-1 SHA-1 produces a 160-bit
(20-byte) hash valueand As of 2012, the most efficient attack
against SHA-1 is considered to be the one by Marc Stevens with an
estimated cost of $2.77M to break a single hash value by renting CPU
power from cloud serversWith a theoretical attack taking 2^60
operationsSo if a custom verification algorithm only the first 64bits
of the full hash how secure is that? How many operations would it
require?
Information Security

- Technology - Languages
+ Webmasters
+ Development
+ Development Tools
+ Internet
+ Mobile Programming
+ Linux
+ Unix
+ Apple
+ Ubuntu
+ Mobile & Tablets
+ Databases
+ Android
+ Network & Servers
+ Operating Systems
+ Coding
+ Design Software
+ Web Development
+ Game Development
+ Access
+ Excel
+ Web Design
+ Web Hosting
+ Web Site Reviews
+ Domain Name
+ Information Security
+ Software
+ Computers
+ Electronics
+ Hardware
+ Windows
+ PHP
+ ASP/ASP.Net
+ C/C++/C#
+ VB/VB.Net
+ JAVA
+ Javascript
+ Programming
Privacy Policy - Copyrights Notice - Feedback - Report Violation 2018 © BigHow