Slashdot Mirror

← Back to Stories (view on slashdot.org)

SHA-0 Broken, MD5 Rumored Broken

Posted by CowboyNeal on from the lucky-numbers dept.

An anonymous reader writes "Exciting advances in breaking hash functions this week at the CRYPTO conference. SHA-0 has definitely been broken (collision found in the full function). Rumors are that at the informal rump session, a researcher will announce a collision in full MD5 and RIPEMD-128. And Ed Felten is speculating about collisions in SHA-1! Many systems, especially those that use cryptography for digital signatures are most at risk here."

5 of 707 comments (clear)

  1. Consequences? by Fruny · · Score: 5, Insightful

    Can a crypto-geek sum up the consequences for all of us dummies? Thanks.

  2. No, No, No! by chicagozer · · Score: 5, Insightful

    Obtaining the original data is hardly the point of breaking the hash. You can't recreate the Illiad from 2048 bits for God's sake.
    An attacker's goal would be to substitute something else for the original data and make you trust it.

    --
    ZZ
  3. Re:Should We Fear? by Dr.+Blue · · Score: 5, Insightful
    First step is MATCHING some checksums (this has been done)
    The next step is CHOOSING the chekcsum (aka DEADBEEF attack)
    The next step is MANIPULATING, i.e. adding junk to a given binary file to allow you to choose the cheksum. that's the scary one!

    Actually, you can do interesting and dangerous things with variants of your first step, not even progressing to step two. The MD5 collisions (well, almost collisions) are largely the same input data that has differences in only a few places. Now imagine that I have two messages that say something like this:

    1. "Joe will send Dr. Blue $10. Confirmation number 1234567."
    2. "Joe will send Dr. Blue $100000. Confirmation number 6451234."
    Now lets say I can manipulate the confirmation numbers in those two messages so that they have the same hash value -- I don't care what the hash is, as long as it's the same in both cases. Then I send you the $10 message.

    If you agree, you sign it. But you realize that digital signatures don't actually sign the message, right? They sign the hash of the message, so I can later produce the $100000 message, with your signature, and it will verify that you signed that message!

  4. Re:md5 is so weak by Bingo+Foo · · Score: 5, Insightful

    Okay, jokes aside, this shows how social engineering will always be among the best tools for cracking. Krunch, you da man.

    --
    taken! (by Davidleeroth) Thanks Bingo Foo!
  5. Re:Don't the laws of computing make it... by +MG · · Score: 5, Insightful
    Indeed, here's another novel argument from Bruce Schneier's book.... in regards to the strength of 256-bit encryption: now, the annual energy output of our sun is about 121 * 10^41 ergs. this is enough to power about 2.7 * 10^56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. if we build a dyson sphere around the sun and captured all of its energy output for 32 years, without any loss, we should power a computer to count up to 2 ^ 192. of course, it wouldn't have the energy left over to perform any useful calculations with this counter.
    That is an erroneous conclusion based upon the (incorrect) assumption that a small amount of energy (kT) must be dissipated for each elementary computational step. If the computation is carried out using a reversible (classical) computer, this is not the case. Thermodynamics does not place any such restriction on computation. On the other hand, quantum mechanics does place constraints on the speed of a classical computer.
    For more fun see Ultimate physical limits to computation by Seth Lloyd