Good to Know: SHA-1 Shortcutted
Bruce Schneier reports that the Chinese researcher who was denied a visa to enter the U.S. for a crypto conference had a valid reason for wanting to be there: she's found the first of many shortcuts for breaking SHA-1. SHA-1 has been wounded for months. Now, it's limping and ready to be put down. I was lamenting the lack of advanced hashing software and preparing to write my own when I fortunately found that OpenBSD had already foreseen my dilemma.
The OpenBSD Project modified the operation of the cksum(1) application back in OpenBSD 3.6 to handle more robust hashing algorithms, most notably SHA-256 and SHA-512. Viva OpenBSD.
$ echo -n "abc" | cksum -a md5,sha1,sha256,sha512
900150983cd24fb0d6963f7d28e17f72
a9993e364706816aba3e25717850c26c9cd0d89d
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f
What about Windows? Ha! Microsoft offers FCIV, which is rather handy, albeit limited to just MD5 and SHA-1 and thus worthless to us. Writing your own in .NET is pretty straightforward — it's how I verified the values given to me by cksum(1) — but should everyone have to do the same? That seems unnecessary. I hope that Microsoft, the company that swears their software can do anything you'd want it to, wakes up and replaces FCIV before I have to do it myself.
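
An added example, not the author's .NET program: a Python version of the same idea that runs on Windows or anywhere else, computing the four digests requested from cksum(1) above in a single pass over the input and checking them against published values. The function names are this example's own; the expected digests are the ones the post shows for "abc".

```python
import hashlib
import hmac
import io

# Algorithms the post passes to `cksum -a`, spelled the way hashlib names them.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def multi_digest(stream, algorithms=ALGORITHMS, chunk_size=64 * 1024):
    """Read a binary stream once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    # Feed every chunk to every hasher so large files are read only once.
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify(stream, expected):
    """Return the algorithms whose digest does NOT match `expected`.

    `expected` maps algorithm name -> published hex digest.
    An empty list means every digest matched.
    """
    actual = multi_digest(stream, algorithms=tuple(expected))
    return [
        name
        for name, want in expected.items()
        if not hmac.compare_digest(actual[name], want.strip().lower())
    ]


# Digests of "abc" as printed by cksum(1) in the post.
ABC_DIGESTS = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223"
              "b00361a396177a9cb410ff61f20015ad",
    "sha512": "ddaf35a193617abacc417349ae204131"
              "12e6fa4e89a97ea20a9eeee64b55d39a"
              "2192992a274fc1a836ba3c23a3feebbd"
              "454d4423643ce80e2a9ac94fa54ca49f",
}

if __name__ == "__main__":
    for name, digest in multi_digest(io.BytesIO(b"abc")).items():
        print(f"{name:7} {digest}")
    print("mismatches:", verify(io.BytesIO(b"abc"), ABC_DIGESTS))
```

To check a download, open the file in binary mode (`open(path, "rb")`) and pass it as `stream`, keeping only the SHA-256 or SHA-512 entry in `expected` when the publisher lists one.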