SHA-1
In cryptography, SHA-1 (Secure Hash Algorithm 1) is a hash function that takes an input and produces a 160-bit (20-byte) hash value. This value is called the message digest and is usually rendered as 40 hexadecimal digits. SHA-1 was designed by the United States National Security Agency and is a U.S. Federal Information Processing Standard[1]. Although the algorithm is cryptographically broken, it is still widely used[2][3][4][5][6][7][8].
Since 2005, SHA-1 has not been considered secure against well-funded adversaries[9]. Since 2010, many organizations have recommended replacing it[10][8][11]. NIST formally deprecated the use of SHA-1 in 2011, disallowed its use for digital signatures in 2013, and declared that it should be phased out entirely by 2030. As of 2020, chosen-prefix attacks against SHA-1 are practical[12][4][6]. For this reason, it is recommended to remove SHA-1 from products as soon as possible and to use SHA-2 or SHA-3 instead. Replacing SHA-1 is especially important where it is used for digital signatures.
In 2017, all major web browser vendors stopped accepting SHA-1 SSL certificates[13][7][2]. In February 2017, CWI Amsterdam and Google announced that they had carried out a collision attack against SHA-1 and published two different PDF files that produce the same SHA-1 hash[14][15]. However, SHA-1 is still considered secure for HMAC[16].
Microsoft discontinued SHA-1 code signing support for Windows Update on 3 August 2020[17]. This effectively ended the update servers for versions of Windows that have not been updated to SHA-2, such as Windows 2000 up to Vista, as well as Windows Server versions from Windows 2000 Server to Server 2003.
See also
- Comparison of cryptographic hash functions
- Hash function security summary
- International Association for Cryptologic Research
- Secure Hash Algorithms
References
1. "Secure Hash Standard (SHS)". National Institute of Standards and Technology (2015). DOI:10.6028/NIST.FIPS.180-4. Archived from the original on 7 January 2020. Retrieved 23 September 2019.
2. "The end of SHA-1 on the Public Web". Mozilla Security Blog (23 February 2017). Retrieved 29 May 2019.
3. "SHA-1 Broken – Schneier on Security". www.schneier.com.
4. "Critical flaw demonstrated in common digital security algorithm". Nanyang Technological University, Singapore (24 January 2020).
5. "New Cryptanalytic Results Against SHA-1 – Schneier on Security". www.schneier.com.
6. Leurent, Gaëtan; Peyrin, Thomas. "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust". Cryptology ePrint Archive, Report 2020/014 (5 January 2020).
7. "Google will drop SHA-1 encryption from Chrome by January 1, 2017". VentureBeat (18 December 2015). Retrieved 29 May 2019.
8. Stevens, Marc; Karpman, Pierre; Peyrin, Thomas. "The SHAppening: freestart collisions for SHA-1". Retrieved 9 October 2015.
9. Schneier, Bruce. "Schneier on Security: Cryptanalysis of SHA-1" (18 February 2005).
10. "NIST.gov – Computer Security Division – Computer Security Resource Center". Archived from the original on 25 June 2011. Retrieved 5 January 2019.
11. Schneier, Bruce. "SHA-1 Freestart Collision". Schneier on Security (8 October 2015).
12. NIST (15 December 2022). "NIST Retires SHA-1 Cryptographic Algorithm". Press release.
13. Goodin, Dan. "Microsoft to retire support for SHA1 certificates in the next 4 months". Ars Technica (4 May 2016). Retrieved 29 May 2019.
14. "CWI, Google announce first collision for Industry Security Standard SHA-1". Retrieved 23 February 2017.
15. Stevens, Marc; Bursztein, Elie; Karpman, Pierre; Albertini, Ange; Markov, Yarik (2017). "The First Collision for Full SHA-1". In Katz, Jonathan; Shacham, Hovav (eds.). Advances in Cryptology – CRYPTO 2017. Lecture Notes in Computer Science. Vol. 10401. Springer. pp. 570–596. doi:10.1007/978-3-319-63688-7_19. ISBN 9783319636870. https://shattered.io/static/shattered.pdf. See also: Marc Stevens; Elie Bursztein; Pierre Karpman; Ange Albertini; Yarik Markov. "Announcing the first SHA1 collision". Google Security Blog (23 February 2017).
16. Barker, Elaine (May 2020). Recommendation for Key Management: Part 1 – General, Table 3 (Technical Report). NIST. p. 56. doi:10.6028/NIST.SP.800-57pt1r5.
17. "SHA-1 Windows content to be retired August 3, 2020". techcommunity.microsoft.com. Retrieved 28 February 2024.
External links
- CSRC Cryptographic Toolkit – Official NIST site for the Secure Hash Standard
- FIPS 180-4: Secure Hash Standard (SHS)
- Interview with Yiqun Lisa Yin concerning the attack on SHA-1
- Explanation of the successful attacks on SHA-1 (3 pages, 2006)
- Cryptography Research – Hash Collision Q&A
- Lecture on SHA-1 (1h 18m) on YouTube by Christof Paar (archived 2017-04-24 at the Wayback Machine)