
I read that SHA-1 is still a secure hashing function with no collision found as of now. However, it's just a matter of time before someone comes up with such a collision or attack. Therefore, in new projects, it is recommended to use SHA-256. SHA-512 is even better.

In Java, we still use the "SHA1PRNG" algorithm in the SecureRandom class for the purpose of generating IV (let's say for CBC).

Is SHA-1 secure enough as hash function within a PRNG to generate an unpredictable IV for CBC? Or is SHA-256 recommended, even for a PRNG?

Maarten Bodewes
Saptarshi Basu

1 Answer


I read SHA-1 is still a secure hashing function with no collision found as of now.

You read an old text; this is not the case anymore since SHA-1 was SHAttered.

In Java, we still use the SHA1PRNG algorithm in the SecureRandom class for the purpose of generating IV (let's say for CBC).

Is it secure enough as a PRNG for generating unpredictable IVs for CBC? Or is SHA-256 recommended even for a PRNG?

SHA-1 is still fine for key derivation, HMAC, MGF1-based padding and indeed random generation, and many other use cases that do not suffer from collision attacks.

That said, attacks can only get better, never worse, so using a more modern hash is always recommended. When it comes to random number generation, the seeding is much more likely to be problematic though, and you should definitely make sure that your system's RNG is running correctly.

And, when it comes to Java's SecureRandom, you may want to consider my answer on StackOverflow and not use (or at least indicate) "SHA1PRNG" at all.

Maarten Bodewes
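The seeding pitfall the answer warns about, as an added example that is not part of the original answer: with the JDK's SUN provider, a "SHA1PRNG" instance that receives setSeed() before its first nextBytes() derives its state from that seed alone, so two instances given the same seed produce the same "random" IV. The default SecureRandom (no algorithm name) is seeded by the platform, and setSeed() only supplements that seed. The seed bytes and plaintext below are constructed for the demonstration.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class IvDemo {
    // A fresh 16-byte IV for AES-CBC, drawn from whichever SecureRandom is passed in.
    static byte[] freshIv(SecureRandom rng) {
        byte[] iv = new byte[16];
        rng.nextBytes(iv);
        return iv;
    }

    static byte[] encryptCbc(SecretKey key, byte[] iv, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(plaintext);
    }

    public static void main(String[] args) throws Exception {
        // Pitfall (SUN provider): setSeed() before the first nextBytes() makes the
        // constructed seed the *only* entropy, so both instances emit the same IV.
        byte[] weakSeed = "constructed-example-seed".getBytes();
        SecureRandom a = SecureRandom.getInstance("SHA1PRNG");
        a.setSeed(weakSeed);
        SecureRandom b = SecureRandom.getInstance("SHA1PRNG");
        b.setSeed(weakSeed);
        System.out.println("SHA1PRNG IVs identical: " + Arrays.equals(freshIv(a), freshIv(b)));

        // Recommended: the platform default, with no algorithm name and no manual seeding.
        // Two draws from it are independent, unpredictable IVs.
        SecureRandom rng = new SecureRandom();
        byte[] iv1 = freshIv(rng);
        byte[] iv2 = freshIv(rng);
        System.out.println("default SecureRandom IVs identical: " + Arrays.equals(iv1, iv2));

        // Same key and plaintext, different fresh IVs: the CBC ciphertexts differ, which is
        // the property an unpredictable IV buys. The IV is sent alongside the ciphertext;
        // it need not be secret, only unpredictable before use.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] msg = "constructed plaintext".getBytes();
        byte[] ct1 = encryptCbc(key, iv1, msg);
        byte[] ct2 = encryptCbc(key, iv2, msg);
        System.out.println("ciphertexts differ with fresh IVs: " + !Arrays.equals(ct1, ct2));
    }
}
```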