Implications Of The Recent Hash Function Attacks

An anonymous reader writes "Cryptography Research has issued a Q&A that explains the security implications of the hash function collision attacks recently announced at CRYPTO 2004. Apparently the consequences can be catastrophic for certain kinds of code signing and digital signatures, but MD5 sums for checking binaries are (mostly) OK. While the speculation that SHA-1 is about to fail seems to be overblown, updating the many legacy systems and protocols that rely on MD5 is going to be a massive undertaking."

Hacking

[Sharp+Rulez]

In a nearly day, i'll be possible to hack d008960fa6b395dca1c8362165bb31be

Oh no! my nick is compromised!

[d41d8cd98f00b204e980]

A bad day for me.

Access

[lateralus_1024]

Yes but what does this mean to me, "Mr.MSAccess Guru/Administrator"?

Microsoft certification available upon request.

Our Goverment is on the ball

[Lieutenant_Dan]

Upon hearing these news, Tom Ridge raised the level of alert to "Amber".

At least this time he had something a tad more substantial to instill fear in the hearts of all patriotic Americans such as myself.

Thank you Department of Homeland Defense! I sleep so much better at night!

Re:gentleMEN

it just takes roughly the combined powers of 50 PCs to do it

Go ahead and say it - "Beowulf cluster".

a better solution already exists

[poot_rootbeer]

ROT-13 is completely invulnerable to hash collisions; no two non-identical inputs will ever result in identical outputs!

I recommend that everybody replace their existing encryption systems with ROT-13 immediately.

-Cbbg

Re:a better solution already exists

[Chris+Burke]

ROT-13 is considered horribly weak with modern computing power.

Much better to use double-ROT-13.

Re:This is what I've been saying!

[bradkittenbrink]

Read the Cryptography Research Q&A for some examples.

That's the most polite RTFA I've ever seen