More hash woes
For the second year running, research presented at the annual Crypto conference raised concerns over the
security of commonly-used hash functions.
For the second year running, research presented at the
annual Crypto conference has raised concern over the
security of commonly-used hash functions. The encryption
field was thrown into a frenzy in August 2004 when the
security of hash functions MD5, SHA-0 and SHA-1 was
called into question (see VB, September 2004, p.3 and
October 2004, p.13). Last month, researchers revealed that
they have discovered a new, faster attack against the SHA-1
hashing algorithm.
Xiaoyun Wang, one of the team of Chinese researchers that
at last year’s Crypto conference outlined methods of finding
collisions in the MD4, MD5, HAVEL-128 and RIPEMD
algorithms, has announced that the time complexity of a
new attack her team has achieved against SHA-1 is 263 (the
team’s previous result was 269; brute force is 280). It is also
expected that this result will be improved upon over the
next couple of months. Wang’s paper can be found at
http://www.infosec.sdu.edu.cn/paper/sha1-crypto-auth-new-
2-yao.pdf.
In reaction to the findings, the National Institute of
Standards and Technology (NIST) plans to host a two-day
Cryptographic Hash Workshop on 31 October and 1
November 2005 to solicit public input on how best to
respond to the current state of research in this area.
29 August 2005
Tags:
virus
del.icio.us 
digg this
