How secure is a partial 64bit hash of a SHA1 160bit hash?



So http://en.wikipedia.org/wiki/SHA-1 SHA-1 produces a 160-bit (20-byte) hash valueand As of 2012, the most efficient attack against SHA-1 is considered to be the one by Marc Stevens with an estimated cost of $2.77M to break a single hash value by renting CPU power from cloud serversWith a theoretical attack taking 2^60 operationsSo if a custom verification algorithm only the first 64bits of the full hash how secure is that? How many operations would it require?

Related to : How secure is a partial 64bit hash of a SHA1 160bit hash?
In Ruby, why is Hash[:a, 1] and Hash[[[:a, 1]]] giving the same result {:a => 1}, while Hash[[:a,1]] gives an empty hash?
Information Security
> Hash[:a,2,:b,4]
=> {:a=>2, :b=>4}
> Hash[:a,1]
=> {:a=>1}
> Hash[[:a,1]]
=> {}
> Hash[[[:a,1]]]
=> {:a=>1}

Is it possible to convert a 40-character SHA1 hash to a 20-character SHA1 hash?
Information Security

My problem is a bit hairy, and I may be asking the wrong questions, so please bear with me...


I have a legacy MySQL database which stores the user passwords & salts for a membership system. Both of these values have been hashed using the Ruby framework - roughly like this:


hashedsalt =
Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--")



hashedpassword =
Digest::SHA1.hexdigest("#{hashedsalt}:#{password}")


So both values are stored as 40-character strings (varchar(40)) in MySQL.


Now I need to import all of these users into the ASP.NET membership

(Problem Solved) Hash(m1 xor m2) = Hash(m1) xor Hash (m2) Is this true in case of SHA1
Information Security

Can anyone shed some knowledge on this?


My answer is no, it is not true, because SHA1 has a strong collision resistant property.


Generating a SHA1 hash in Windows Phone outputs a different hash
Information Security

I'm currently using the built-in methods in Windows Phone and Silverlight to create a SHA1 hash of a string. This is the code:


private static string CalculateSHA1(string text)
{
SHA1Managed s = new SHA1Managed();
UTF8Encoding enc = new UTF8Encoding();
s.ComputeHash(enc.GetBytes(text.ToCharArray()));
System.Diagnostics.Debug.WriteLine("Original Text {0}, Access {1}", text, Convert.ToBase64String(s.Hash));
return Convert.ToBase64String(s.Hash);
}

For example, I tried generating a hash for this string: "hello".


Silverlight Output:

HMC SHA1 hash - C# producing different hash output than PHP
Information Security

I have a code in PHP and that is below when i Execute the Below PHP code and when i Run the C# code which is below PHP Code i got different Result I dont know where I am wrong.


$accessID = "member-1681fca809";
$secretKey = "63f22236ab43b69462b3272b110e3c78";
$expires = 1357039353;
$stringToSign = $accessID."
".$expires;
$binarySignature = hash_hmac('sha1', $stringToSign, $secretKey, true);
$urlSafeSignature = urlencode(base64_encode($binarySignature));
print_r($expires);
print_r($urlSafeSignature);
I got Output
1357039353
M1PZW2DYVzdRV1l4ZHBPAmiv9iM%3D

<
How secure is a partial 64bit hash of a SHA1 160bit hash?
Information Security
So http://en.wikipedia.org/wiki/SHA-1 SHA-1 produces a 160-bit (20-byte) hash valueand As of 2012, the most efficient attack against SHA-1 is considered to be the one by Marc Stevens with an estimated cost of $2.77M to break a single hash value by renting CPU power from cloud serversWith a theoretical attack taking 2^60 operationsSo if a custom verification algorithm only the first 64bits of the full hash how secure is that? How many operations would it require?

Privacy Policy - Copyrights Notice - Feedback - Report Violation - RSS 2017 © bighow.org All Rights Reserved .