Slashdot Mirror


SHA-0 Broken, MD5 Rumored Broken

An anonymous reader writes "Exciting advances in breaking hash functions this week at the CRYPTO conference. SHA-0 has definitely been broken (collision found in the full function). Rumors are that at the informal rump session, a researcher will announce a collision in full MD5 and RIPEMD-128. And Ed Felten is speculating about collisions in SHA-1! Many systems, especially those that use cryptography for digital signatures are most at risk here."

9 of 707 comments (clear)

  1. Okay that's it by Anonymous Coward · · Score: 5, Funny

    I picked the wrong week to quit sniffing MD5 hashes.

  2. ec7b19b60e616fb1c6013d4ada83ec32 by Anonymous Coward · · Score: 5, Funny

    d008960fa6b395dca1c8362165bb31be

  3. Happy for holes? by ejito · · Score: 5, Funny
    "We are glad to announce that we found a collision for SHA-0." - from the article
    I just found the wording kinda weird... I'm hoping to do research in cryptography in the future. I know I'd feel quite proud if I found a vulnerability like that, but is it appropriate to show such enthusiasm? Kinda like an overjoyed astronomer that finds a comet heading into a collision course with Earth.
    1. Re:Happy for holes? by 0x0d0a · · Score: 5, Funny

      Kinda like an overjoyed astronomer that finds a comet heading into a collision course with Earth.

      *I'd* be happy. Missing seeing that comet would definitely suck.

  4. Re:Should We Fear? by kendoka · · Score: 5, Funny

    Your bank will buy enron stock with your accounts, your credit card will explode, and your mind will begin to melt. Nuclear missiles will spontaneously launch and direct themselves to your house. Bush will be exposed as a witless robot when he begins to utter swahili at a press conference. The Martians will arrive from their base on the dark side of the moon, and the War of the Worlds will begin. Super-Bowl half-time will be unceremoniously interrupted when terrorists will arrive to sear off Janet Jackson's nipple with a laser in the name of Allah.

  5. It means we all have to carry a midget around by IronChefMorimoto · · Score: 5, Funny

    Yep -- that's right. I'm not a crypto expert. Hell -- I'm a layman compared to most /.'ers, and my user number proves it (all 7 embarrassing digits of it). But I do know this -- if Slashdot crypto geeks are concerned about it, then we've reached the point of...

    CARRYING A MIDGET AROUND.

    Yes, it's true. Every person with encrypted data on Earth will soon have to carry around a Level 10 Anthromorphic Hexidecimal Midget Encryption System. Or "Midget Key" for short. The midget will become part of every computer purchase where the user requires high encryption, secured communications, etc. Families without sufficient room to accommodate and feed the midget will have to run computers with the old and vulnerable encryption technologies.

    Meanwhile, those of us with a Midget Key will need to have his/her encryption midget with us at all times. The midget will encrypt data locally by locking a portable hard drive to his/her wrist and preventing anyone OTHER THAN THE OWNER of said local data from accessing it again. To facilitate this local midget encryption, each encryption midget will be equipped with:

    - body armor
    - handgun
    - lightweight sub-machine gun
    - tactical nuclear or convential explosive self destruct device

    Addtionally, each encryption midget will be required to communicate with all other encryption midgets around the world using special genetically encoded phones that cannot be replicated outside of the midget gene pool. The phone will be surgically embedded in the arm of each encryption midget and require a drop of said midget's body temperature saliva to activate the phone (a.k.a. spit on the arm to make the call).

    Why encryption midgets? They're:

    - portable
    - eat less than an encryption giant and/or an encryption obese person
    - tough as nails

    Why tough as nails? If you've watched The Amazing Race at all this season on CBS, you have witnessed a midget drag her whiney, lazy cousin around the world. She has become the envy of other teams featuring health nuts, ex-Marines, and super-Christians. Who wouldn't entrust their data with a badass little person that can grab a live electrified cattle fence somewhere in South America, cuss about it, and STILL manage to continue the race?

    Get me THAT encryption midget, and you'll never get a hold of MY data!

    IronChefMorimoto

    [Note -- if the midget from the show mentioned above has been eliminated from said show, then our data is doomed. I've missed the last several episodes, so all may be lost.]

    1. Re:It means we all have to carry a midget around by PinchDuck · · Score: 5, Funny

      It's better then my encryption dog. That system was broken with a raw DEADBEEF attack. Lousy mutt.

  6. Re:Kind of expected this by g-san · · Score: 5, Funny

    hmmmm....

    I have heard rumors of a cypher on the street called SHA-X. It's not mathematically strong, as you so eloquently put, but it's supposed to be really good, really stong stuff. And is really asymmetrical, meaning it takes less time to decypher the message after encryption. Unfortunately it uses a semi-random keysize, so you never know the strength until you try to decrypt. It also has a key that destroys itself 48 hours later so Alice or Bob can't even tell you were ever encrypted. Only problem is the algorithm tends to overuse one particular register resulting in spontaneous cpu burnout.

    But hey, if you got extra cpus...

  7. Re:Next step by IchBinEinPenguin · · Score: 5, Funny

    How otfen does this have to be said:
    - odd is development
    - even is release

    use ROT13, tripple-ROT13, quintupple-ROT13 for DEVELOPMENT WORK ONLY!
    For release work, use double, quadruple, hextuple-ROT13