Successor to the throne
Despite all of the limitations in terms of the realistic possibilities of such attacks, the success of cryptanalysis demonstrates that the search for potential successors to SHA-1 must be stepped up. Burt Kalinski, head of the research department at RSA, expects the first pre-image attacks on SHA-1 to be successful within the next five to 10 years.
The further developments of SHA-1, which have hardly been used, have longer hash values and are some of the main potential successors: SHA-224, SHA-256, SHA-384, and SHA-512. They have the advantage of being the only hash functions besides SHA-1 that the US National Institute of Standards and Technology (NIST) has specified in its Federal Information Processing Standards. According to press reports, the NIST also revealed just before the success of the new SHA-1 attacks was announced that it would be replacing SHA-1 with SHA-256 and SHA-512 in the near future.
But some cryptanalysts doubt that these algorithms offer a good solution for the long term. After all, the main benefit they offer is a longer hash value. They may be vulnerable to the same kinds of attacks that may eventually make SHA-1 obsolete. We have to keep in mind that cryptanalysts have not been dealing with these potential successors nearly as much as with SHA-1. When that starts to change, new weaknesses may be discovered.
The same is true for the European algorithm RIPEMD-160, which did not manage to beat SHA-1. The RIPEMD variant it is based on was already cracked in 2004. The Chinese research group also cracked MD5, which is still commonly used, back in 2004.
Simply making a hash value longer does not automatically provide more security; this is also true for using two different hash values – such as MD5 and SHA-1 – for one message. And other alternatives based on block ciphers are generally too slow.
Another algorithm that has been talked about a lot in recent times is Whirlpool. It creates 512-bit hash values with its own block cipher called W, and is at least two times slower than SHA-1. To make things worse, it is not even two years old and has hardly been studied.
It is thus completely unclear who the successor to the throne will be. Perhaps a consensus will be reached in a manner similar to what happened when DES fell out of favor. Here, the NIST crowned the algorithm Rijndael as the Advanced Encryption Standard (AES). (ju)