vlovgr/ciris

SHA-1 for hashes

Closed this issue · 2 comments

Is it a good idea to use SHA-1 for hashes? I wonder if it is okay to print these, as SHA-1 is considered broken.
On the other hand, the shorthash only prints the first 7 characters, which relaxes the problem a bit.

Thoughts on that?

The main way SHA-1 is broken relates to collision attacks, which is not applicable here. It basically boils down to: can you brute-force (or use precomputed hashes) to find the hash given the first 7 characters? For weak secrets, there is definitely a risk of being able to brute-force.

Ciris 1.x is keeping SHA-1 for Secret. While we're only exposing 28 of 160 bits, you do need to make sure your secrets are strong enough (have a large enough key space) that exposing those 28 bits isn't an issue.
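The trade-off described in the thread, as an added example (not Ciris's own code): it assumes the short hash is the first 7 hex characters of the SHA-1 digest of the secret's UTF-8 bytes, and shows why a small key space (a constructed list of numeric PINs) is fully determined by those 28 bits while a long random key keeps almost all of its entropy.

```python
import hashlib
import math
from collections import Counter

# Assumption (added example, not from the Ciris source): Secret's short hash is
# the first 7 hex characters of the SHA-1 hex digest, i.e. 28 of 160 bits.
SHORT_HASH_CHARS = 7
EXPOSED_BITS = SHORT_HASH_CHARS * 4


def short_hash(secret: str) -> str:
    """Mimic the 7-character SHA-1 prefix that Secret's toString exposes."""
    return hashlib.sha1(secret.encode("utf-8")).hexdigest()[:SHORT_HASH_CHARS]


def prefix_ambiguity(candidates) -> tuple[int, int]:
    """Return (number of secrets, number of distinct short hashes) for a whole
    key space. When the two are equal, each secret in that space has its own
    prefix, so printing the prefix is as revealing as printing the secret to
    anyone able to enumerate the space."""
    counts = Counter(short_hash(c) for c in candidates)
    return sum(counts.values()), len(counts)


def residual_bits(key_space_bits: float) -> float:
    """Uncertainty left once the 28-bit prefix is known, treating the prefix as
    a random function of the secret. This is what the maintainer asks you to
    keep large by choosing secrets with a big enough key space."""
    return max(key_space_bits - EXPOSED_BITS, 0.0)


def is_strong_enough(key_space_bits: float, minimum_residual_bits: float = 100.0) -> bool:
    """Policy check: does enough entropy survive the 28-bit exposure?"""
    return residual_bits(key_space_bits) >= minimum_residual_bits


if __name__ == "__main__":
    # Constructed weak key space: every 4-digit numeric PIN (about 13.3 bits).
    pins = [f"{i:04d}" for i in range(10_000)]
    total, distinct = prefix_ambiguity(pins)
    print(f"4-digit PINs: {total} secrets -> {distinct} distinct short hashes")
    print(f"residual bits, 4-digit PIN: {residual_bits(math.log2(10_000)):.1f}")
    print(f"residual bits, 256-bit key: {residual_bits(256):.1f}")
    print(f"256-bit key strong enough: {is_strong_enough(256)}")
```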