Security of hash functions called into question
The encryption field was thrown into a frenzy at the end of last month when
the security of hash functions MD5, SHA-0 and SHA-1 was called into question.
First, a collision in SHA-0 was uncovered by Antoine Joux; then a group of
Chinese researchers released a paper which outlined methods of finding collisions
in the MD4, MD5, HAVAL-128 and RIPEMD algorithms; finally, researcher Eli
Biham of the Israel Institute of Technology reported at the Crypto 2004 conference
preliminary research findings that indicate the presence of vulnerabilities in SHA-1.
In principle it is not possible to design a hashing algorithm that prevents the
production of duplicate fingerprints (hash collisions), since a fixed-length hash
must map many inputs to the same value; hashing algorithms are instead designed to
make it computationally infeasible to find two inputs with the same hash code. It
seems that, for MD5 at least, it is easier to do so than originally hoped.
While there currently does not seem to be an easy way of producing an input that
matches a given, arbitrary hash code (a preimage attack) - thus limiting the
usefulness of an attack - it does call into question the usefulness of these
hashes as the basis of digital signatures.
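The distinction the paragraph draws - collisions being inherently unavoidable and comparatively cheap to find, preimages remaining expensive, and a collision still undermining a signature built on the hash - can be made concrete with a toy model. The following Python is an added example and not part of the original VB article: it truncates SHA-256 to 16 bits (a constructed, deliberately weak fingerprint chosen only so the searches finish in seconds; real MD5 and SHA-1 are 128 and 160 bits), stands in a keyed HMAC for the signing step, and shows that a signature issued over one document verifies on any document that collides with it. The key, message prefixes and `toy_hash`/`sign`/`verify` names are all assumptions of this example.

```python
import hashlib
import hmac

# Constructed toy parameters: truncating SHA-256 to 16 bits keeps both searches
# fast. Real MD5/SHA-1 are 128/160 bits; the 2004 results lowered the cost of
# finding MD5/SHA-0 collisions below the generic birthday bound shown here.
TRUNC_BITS = 16
TRUNC_BYTES = TRUNC_BITS // 8
SIGNING_KEY = b"constructed-demo-key"  # stands in for a real signing key


def toy_hash(message: bytes) -> bytes:
    """Fingerprint used by the toy signature scheme: SHA-256 cut to TRUNC_BITS."""
    return hashlib.sha256(message).digest()[:TRUNC_BYTES]


def sign(message: bytes) -> bytes:
    """Hash-then-sign: the signature covers only the fingerprint, as real
    schemes (PGP, DSS) do, so anything with the same fingerprint inherits it."""
    return hmac.new(SIGNING_KEY, toy_hash(message), hashlib.sha256).digest()


def verify(message: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(message), signature)


def find_collision(max_tries: int = 2 ** TRUNC_BITS + 1):
    """Birthday search: hash distinct candidate messages until two share a
    fingerprint. The pigeonhole principle guarantees success within
    2**TRUNC_BITS + 1 candidates; on average about sqrt(pi/2 * 2**TRUNC_BITS)
    (roughly 320 here) are enough. Returns (msg_a, msg_b, tries) or None."""
    seen = {}
    for i in range(max_tries):
        msg = b"candidate-%d" % i
        fp = toy_hash(msg)
        if fp in seen:
            return seen[fp], msg, i + 1
        seen[fp] = msg
    return None


def find_preimage(target: bytes, max_tries: int = 2 ** (TRUNC_BITS + 6)):
    """Brute-force search for any message whose fingerprint equals a given
    target: the 'fake an arbitrary hash code' problem. Expected cost is
    2**TRUNC_BITS tries, the square of the collision cost. Returns
    (msg, tries) or None if the cap is hit."""
    for i in range(max_tries):
        msg = b"forgery-%d" % i
        if toy_hash(msg) == target:
            return msg, i + 1
    return None


def collision_transfers_signature():
    """Why collisions matter for signatures: a signature the signer issued on
    msg_a verifies unchanged on the colliding msg_b the signer never saw.
    Returns (transferred, tries_needed)."""
    msg_a, msg_b, tries = find_collision()
    sig = sign(msg_a)  # the signer only ever approved msg_a
    transferred = msg_a != msg_b and toy_hash(msg_a) == toy_hash(msg_b) and verify(msg_b, sig)
    return transferred, tries


if __name__ == "__main__":
    ok, c_tries = collision_transfers_signature()
    print("collision found after %d hashes; signature transfers: %s" % (c_tries, ok))
    target = toy_hash(b"constructed genuine document")
    result = find_preimage(target)
    if result:
        print("preimage found after %d hashes" % result[1])
    else:
        print("no preimage within the search cap")
```

The two counters are the point: with a 16-bit fingerprint the collision search settles in a few hundred hashes while the preimage search needs on the order of 65,000, and that gap only widens with the digest length (2^64 versus 2^128 generic work for MD5). A verifier that checks a signature over the hash alone cannot tell the colliding document from the one that was actually signed, which is why a cheaper-than-expected collision method matters for document signing even when preimages stay out of reach.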
A similar situation is true of SHA-0, but the evidence that the more widely used
SHA-1 is likewise broken is not currently conclusive. However, the possibility
that SHA-1 may be flawed is a cause for concern, since SHA-1 has become a legal
standard for document signing - it is currently embedded in PGP and SSL and is
the only signing algorithm approved for use in the US Government’s Digital
Signature Standard.
[Next month’s issue of VB will contain a more detailed look at the
security flaws in these hashing algorithms and the implications for
the anti-virus industry.]
23 August 2004