Slashdot Mirror


Implications Of The Recent Hash Function Attacks

An anonymous reader writes "Cryptography Research has issued a Q&A that explains the security implications of the hash function collision attacks recently announced at CRYPTO 2004. Apparently the consequences can be catastrophic for certain kinds of code signing and digital signatures, but MD5 sums for checking binaries are (mostly) OK. While the speculation that SHA-1 is about to fail seems to be overblown, updating the many legacy systems and protocols that rely on MD5 is going to be a massive undertaking."

6 of 262 comments

  1. browsers check for wildcard in domain names??????? by stonebeat.org · · Score: 3, Interesting

    For example, a devastating attack would be one that enabled adversaries to obtain a legitimate server certificate with a collision to one containing a wildcard for the domain name and an expiration date far in the future.

    quick questions:
    1) Don't browsers check for wildcard domain names in the certificates???
    2) If not, why not???

  2. Re:Idiot Question by ponds · · Score: 5, Interesting

    In many situations any data inconsistency can cause catastrophe. When distributing binaries it isn't that big of a deal, however there are other applications of hashing algorithms.

    Think about forensics: Someone gets arrested, computer confiscated. The first thing that happens is a hash checksum is run on the disk, then a disk image is made, then the image checksum is verified to make sure that it is the same as the original disk. If the checksum of the original disk ever changes, the evidence is useless. When there are collisions in the algorithm, the checksum cannot prove, beyond a reasonable doubt, that the data has not been tampered with. Especially when the hashing algorithm is run on 20 or more gigabytes of data, which is the typical case in forensics.

  3. How about this... by Millennium · · Score: 3, Interesting

    Has a collision been found yet concerning data which has both the same MD5 sum and the same SHA-1 sum?

    It would seem as though even if SHA-1 were to fail, the two algorithms used together could bolster each other security-wise. This slows things down, of course, but would it not suffice for the time being?
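
The acquire-then-verify procedure from the forensics comment, computing the MD5 and SHA-1 digests proposed in the comment just above in a single pass over the data. This is an added example, not part of any poster's comment; the function names and the sample "disk" bytes are constructed for illustration.

```python
import hashlib
import hmac
import io


def multi_digest(stream, algorithms=("md5", "sha1"), chunk_size=1 << 20):
    """Read the stream once and feed every chunk to each hash algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify_image(stream, recorded, chunk_size=1 << 20):
    """Return the algorithms whose digest differs from the acquisition record.

    An empty list means every recorded digest matched. A colliding
    substitute for one algorithm would still be reported by the other.
    """
    actual = multi_digest(stream, tuple(recorded), chunk_size)
    return [
        name
        for name, expected in recorded.items()
        if not hmac.compare_digest(actual[name], expected.lower())
    ]


# Constructed sample standing in for the seized disk (not real evidence data).
ORIGINAL_DISK = b"constructed sample disk contents " * 4096


def demo():
    """Record digests at acquisition, then check an exact and an altered copy."""
    record = multi_digest(io.BytesIO(ORIGINAL_DISK))
    exact_copy = verify_image(io.BytesIO(ORIGINAL_DISK), record)
    altered = bytearray(ORIGINAL_DISK)
    altered[1000] ^= 0x01  # flip one bit in the copy
    altered_copy = verify_image(io.BytesIO(bytes(altered)), record)
    return record, exact_copy, altered_copy


if __name__ == "__main__":
    record, exact_copy, altered_copy = demo()
    print("acquisition record:", record)
    print("exact copy mismatches:", exact_copy)
    print("altered copy mismatches:", altered_copy)
```

Any algorithm name accepted by `hashlib.new` can be added to `algorithms`, so the same record can carry additional digests alongside MD5 and SHA-1.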

  4. yes, it does invalidate its use by bani · · Score: 5, Interesting

    you don't have to generate specific malicious code in order to exploit md5.

    merely creating pure trash would be sufficient, think of the case of BIOS or other firmware. create random garbage with the same md5 hash and voila, you've turned your victim's PC/laptop/cellphone/pda/etc into a doorstop.

    there are many other ways that md5 can be exploited, this is only one.

  5. Re:Summary for those too lazy to read it by Isao · · Score: 3, Interesting

    What it means is that you can't quite trust MD5 to guarantee that you got exactly, bit-for-bit, what you think you got.

    You never could. It merely said that it was unlikely for you to be getting something else. The difficulty of arranging such a situation just got easier. Not easy. Not trivial. Just easier. Probably by the same factor it got easier over the past four years due to Moore's law increases. Eventually this will become a real issue, and we should be prepared for that, much the same way we don't use plain DES any more.

  6. Real scoop by Anonymous Coward · · Score: 4, Interesting

    I wasn't there this year. A friend told me that the embarrassing thing was that the Chinese paper was REJECTED from the conference. They presented their results at the rump session. Other non-Asian researchers with hash collisions got papers in the conference. This doesn't help one's faith in academia, does it, when one of the most important developments at a conference is rejected by the program committee. There is a growing rift between Asian research and Western research. The Asian side has much lower standards, but also has some good results. Sometimes good Asian papers end up being rejected by association with so many mediocre Asian papers.

    Posted anonymously to avoid offending any of my colleagues.