SHA-0 Broken, MD5 Rumored Broken
An anonymous reader writes "Exciting advances in breaking hash functions this week at the CRYPTO conference. SHA-0 has
definitely been broken (collision found in the full function). Rumors are that at the informal rump session, a researcher will announce a collision in full MD5 and RIPEMD-128. And Ed Felten is speculating about collisions in SHA-1! Many systems, especially those that use cryptography for digital signatures are most at risk here."
I picked the wrong week to quit sniffing MD5 hashes.
d008960fa6b395dca1c8362165bb31be
Good plan. I will switch all my systems to "telnet" immediately. Thank you for your insightful comment.
Uhh....
Shit?
As long as we don't tell anybody, it doesn't exist right?
Oh...
Not a Twitter sockpuppet... but I wish I was.
If it's brute force, I'm not worried. If it's a cryptologically trivial computation, I'll have to go back to ROT26.
"Draco dormiens nunquam titillandus."
Your bank will buy enron stock with your accounts, your credit card will explode, and your mind will begin to melt. Nuclear missiles will spontaneously launch and direct themselves to your house. Bush will be exposed as a witless robot when he begins to utter swahili at a press conference. The Martians will arrive from their base on the dark side of the moon, and the War of the Worlds will begin. Super-Bowl half-time will be unceremoniously interrupted when terrorists will arrive to sear off Janet Jackson's nipple with a laser in the name of Allah.
ROT13 should be safe for some time.
That's nothing. I can decrypt 1024-bit encryption in my head, in under 60 seconds, with Natalie Portman and Halle Berry rolling about in hot grits just off to the side of my 6 flatpanels.
Seriously though, makes you wonder how long the spooks have known about this.
(yells out) "Hon? Where's the tin foil?"
Yes, but how does this affect me personally?
Security experts recommend using Triple-ROT13 for increased safety.
Cretin - a powerful and flexible CD reencoder
i don't care about the implications for crypto or the science behind all of this. i just want to know what the fuck a "rump session" is, and would appreciate tips on avoiding them if i should go to such a conference.
pr0n - keeping monitor glass spotless since 1981.
I've been running Outlook Express 4 and IE 3.05 unpatched on Win98SE for ages without a single probl@$#%@&^+++NO CARRIER+++
And here, ladies and gentlemen, we have an example of the classic "NO CARRIER" joke. This probably was already in use before the 1-digit UID series even started on Slashdot. It is quite old, and most people are tired of it, but some still think it's funny.
And now, we'll move to the next MOSJ exhibit: a large former-USSR flag, and words printed on swappable cards...
There are always going to be collisions in check-sums. If that weren't the case, then we wouldn't need to distribute actual files, just check-sums.
You just ruined a GREAT and REVOLUTIONARY compression algorithm!!!
I don't think George Bush is going to start spewing Swahili anytime soon. He has enough troubles with English.
Help I'm a rock.
Yep -- that's right. I'm not a crypto expert. Hell -- I'm a layman compared to most /.'ers, and my user number proves it (all 7 embarrassing digits of it). But I do know this -- if Slashdot crypto geeks are concerned about it, then we've reached the point of...
CARRYING A MIDGET AROUND.
Yes, it's true. Every person with encrypted data on Earth will soon have to carry around a Level 10 Anthropomorphic Hexadecimal Midget Encryption System. Or "Midget Key" for short. The midget will become part of every computer purchase where the user requires high encryption, secured communications, etc. Families without sufficient room to accommodate and feed the midget will have to run computers with the old and vulnerable encryption technologies.
Meanwhile, those of us with a Midget Key will need to have his/her encryption midget with us at all times. The midget will encrypt data locally by locking a portable hard drive to his/her wrist and preventing anyone OTHER THAN THE OWNER of said local data from accessing it again. To facilitate this local midget encryption, each encryption midget will be equipped with:
- body armor
- handgun
- lightweight sub-machine gun
- tactical nuclear or conventional explosive self destruct device
Additionally, each encryption midget will be required to communicate with all other encryption midgets around the world using special genetically encoded phones that cannot be replicated outside of the midget gene pool. The phone will be surgically embedded in the arm of each encryption midget and require a drop of said midget's body temperature saliva to activate the phone (a.k.a. spit on the arm to make the call).
Why encryption midgets? They're:
- portable
- eat less than an encryption giant and/or an encryption obese person
- tough as nails
Why tough as nails? If you've watched The Amazing Race at all this season on CBS, you have witnessed a midget drag her whiney, lazy cousin around the world. She has become the envy of other teams featuring health nuts, ex-Marines, and super-Christians. Who wouldn't entrust their data with a badass little person that can grab a live electrified cattle fence somewhere in South America, cuss about it, and STILL manage to continue the race?
Get me THAT encryption midget, and you'll never get a hold of MY data!
IronChefMorimoto
[Note -- if the midget from the show mentioned above has been eliminated from said show, then our data is doomed. I've missed the last several episodes, so all may be lost.]
$ echo "I have no dick" | md5sum
WOOT!!
Truly random? Well, you could always buy a copy of "A Million Random Digits" but I still don't think it would work out well for you. ;)
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
I don't know if I'm ready for a collision at an "informal rump session"
Slashdot reports that CowboyNeal posts that an anonymous reader writes that rumors are that at the informal rump session, an unknown researcher will announce a collision in full MD5, two ACs confirm, all slashdotters consider MD5 definitely proved broken, film at eleven. That is what I call good journalism.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
WHAT WOULD IT MEAN TO YOU IF YOU GOT A SEMI-AUTOMATIC WEAPON?
Perhaps I could shoot the first family. =P
TELL ME MORE ABOUT YOUR FAMILY
What business is it of yours?
TELL ME MORE ABOUT YOUR BUSINESS. I CAN OFFER INCENTIVES TO SMALL BUSINESS OWNERS.
Uh, how about we talk about something else...
SOMETHING ELSE...
You know, you're starting to sound like a program I wrote in introduction to programming...
WHAT RESEMBLANCE DO YOU SEE
You are not very intelligent-sounding.
WHAT MAKES YOU THINK I AM NOT VERY INTELLIGENT-SOUNDING?
You never say anything but conservative rhetoric.
WHY DO YOU THINK I NEVER SAY ANYTHING BUT CONSERVATIVE RHETORIC?
You're a mindless tool for the Right-Wing Conspiracy.
DOES IT PLEASE YOU TO BELIEVE I AM A MINDLESS TOOL FOR THE RIGHT-WING CONSPIRACY?
Damn it! I knew it! You're just a useless Eliza hack!
WHAT ELSE COMES TO YOUR MIND WHEN YOU THINK OF ELIZA?
> Now, if it were possible to generate a message to collide with a given hash, that would be a big deal.
DeaR Valooed Customer,
Ple ase tipe yoUr credit card imformaTion into the_form beElow.
Tha nk s,
Customr Cervise
Sheesh, evil *and* a jerk. -- Jade
Shit. I just put some porn on the big screen downstairs and I feel insignificant and tiny.
I give up on the title... I tried all the usual slashdot titles (varying caps and w/ and w/o punctuation)...
"md5 cracked?"
"crack this!"
"GNAA"
"In Soviet Russia, MD5 cracks you!"
"fp!"
"First Post!"
I just don't get it...
My Systems
hmmmm....
I have heard rumors of a cypher on the street called SHA-X. It's not mathematically strong, as you so eloquently put it, but it's supposed to be really good, really strong stuff. And it's really asymmetrical, meaning it takes less time to decypher the message after encryption. Unfortunately it uses a semi-random keysize, so you never know the strength until you try to decrypt. It also has a key that destroys itself 48 hours later so Alice or Bob can't even tell you were ever encrypted. Only problem is the algorithm tends to overuse one particular register, resulting in spontaneous cpu burnout.
But hey, if you got extra cpus...
Now you know why.
Free Software: Like love, it grows best when given away.
How often does this have to be said:
- odd is development
- even is release
use ROT13, triple-ROT13, quintuple-ROT13 for DEVELOPMENT WORK ONLY!
For release work, use double, quadruple, hextuple-ROT13
Well, it's quite simple actually. Let's take an arbitrary md5sum for instance:
d3b07384d113edec49eaa6238ad5ff00
Now, we obviously can see that the beginning of the data is complete gibberish. However, may I point your attention to the trailing three nibbles: f00. This is a clear clue! Let's use that as a base for our educated guess:
% echo foo | md5sum
d3b07384d113edec49eaa6238ad5ff00 -
And voilà, we've cracked it!
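The digest in the post above is the genuine MD5 of "foo" plus the newline that echo appends, and the joke skips over the distinction that matters for the news in this thread: the check-sum comment above is right that collisions must exist (pigeonhole), and the quoted line above is right that producing a message for a *given* hash is a much stronger result than producing any two colliding messages. The script below is an added example, not code from any post here. It truncates MD5 to a small number of bits so that both searches finish in seconds, and shows why a collision search (birthday bound, roughly 2^(n/2) work) is so much cheaper than a second-preimage search (roughly 2^n work) on the same truncated function. The message prefixes "msg-" and "alt-" and the bit width are assumptions chosen for the demonstration.

```python
"""Collision vs. second preimage on a truncated MD5 (added example)."""
import hashlib


def md5_hex(data: bytes) -> str:
    """Full MD5 digest as a hex string, matching `md5sum` on the same bytes."""
    return hashlib.md5(data).hexdigest()


def truncated_md5(data: bytes, nbits: int) -> int:
    """Keep only the top `nbits` bits of the MD5 digest (a toy hash).

    Truncation is what makes the searches below feasible; the full 128-bit
    function would need ~2^64 work for a generic collision and ~2^128 for a
    preimage, which is why the CRYPTO results are structural attacks, not
    brute force.
    """
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - nbits)


def find_collision(nbits: int, prefix: bytes = b"msg-"):
    """Birthday search: hash distinct messages until two share a truncated digest.

    Returns (message_a, message_b, number_of_hashes_computed). The attacker
    controls both messages, so any pair will do; expected cost ~2^(nbits/2).
    The counter-based messages are a constructed input for the demo.
    """
    seen = {}
    i = 0
    while True:
        msg = prefix + str(i).encode()
        h = truncated_md5(msg, nbits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


def find_second_preimage(target: bytes, nbits: int, prefix: bytes = b"alt-"):
    """Brute-force a different message with the same truncated digest as `target`.

    Returns (message, number_of_hashes_computed). Here the hash value is fixed
    by the victim, so only one side is free: expected cost ~2^nbits, the
    square of the collision cost for the same width.
    """
    want = truncated_md5(target, nbits)
    i = 0
    while True:
        msg = prefix + str(i).encode()
        if msg != target and truncated_md5(msg, nbits) == want:
            return msg, i + 1
        i += 1


if __name__ == "__main__":
    # Same bytes `echo foo | md5sum` hashes: "foo" plus a trailing newline.
    print(md5_hex(b"foo\n"))

    bits = 20  # assumed width; 2^10 ~ 1k hashes for a collision, 2^20 ~ 1M for a preimage
    a, b, n_coll = find_collision(bits)
    print(f"collision after {n_coll} hashes: {a!r} vs {b!r} "
          f"(truncated {truncated_md5(a, bits):#x}, full digests differ: "
          f"{md5_hex(a) != md5_hex(b)})")

    p, n_pre = find_second_preimage(b"foo\n", bits)
    print(f"second preimage of 'foo\\n' after {n_pre} hashes: {p!r} "
          f"(truncated {truncated_md5(p, bits):#x})")
```

Run it and compare the two hash counts: the collision turns up after on the order of a thousand hashes, the second preimage only after on the order of a million, for the same 20-bit output. That gap is the reason a collision announcement hits signature schemes (the signer can be handed one of two prepared documents) long before it threatens a password hash or a published checksum of a fixed file.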
If the computation is carried out using a reversible (classical) computer, thermodynamics does not place any such restriction on computation.
I would be _very_ interested in buying any machine off you that is not subject to the laws of thermodynamics.
"Free software as in beer, copy protection as in racket" - Telsa Gwynne
I didn't figure out your title though.
:)
Just wait till the end of the conference. I hear there's a rumor MD5 is broken
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
I give up on the title... I tried all the usual slashdot titles (varying caps and w/ and w/o punctuation)...
You forgot the typo's...
Repeat after me: We are all individuals
Moron. Rot13 is ODD. Use ROT12, it's the last stable version.
It's 10 PM. Do you know if you're un-American?