Sha1 - on this webforum broken!

Hi malware forum,

If you analyze our webforum, you see various JS script, one of these is Sha1 script used on the googlebot-spoofer output:
Sha1 script = A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined

But SHA-1 is broken, read how:
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
These should be used: SHA-224, SHA-256, SHA-384, and SHA-512
They’re already government standard, so they can be used…

polonus

Well, “broken” here means that a collision was successfully generated. Yes, it means that there’s something wrong about the hash.
However, this is not really a problem for many applications, as generating a random collision wouldn’t help much (and it’s still a LONG way to generating a collision for GIVEN hash).

Hi igor,

You are right, but it is a good thing to keep a finger on the pulse, the more like developments go quickly.
Anyways it is good for our web forum members to know what it is for, and that we have this protection aboard. A user that is aware, is a better user for that i.m.o.

polonus