Encryption circles are buzzing this week with news that mathematical functions embedded in common security applications might have previously unknown weaknesses.

The excitement began last Thursday with an announcement that French computer scientist Antoine Joux had uncovered a flaw in a popular algorithm called MD5, often used with digital signatures. Then four Chinese researchers released a paper that reported a way to circumvent a second algorithm, SHA-0. While their results are preliminary, these discoveries could eventually make it easier for intruders to insert undetectable back doors into computer code or to forge an electronic signature, unless a different, more secure algorithm is used.

A third, widely anticipated announcement, which could be even more dramatic, is scheduled to take place Tuesday evening at the Crypto 2004 conference in Santa Barbara, Calif. Eli Biham and Rafi Chen, researchers at the Israel Institute of Technology, originally were scheduled to present a paper identifying ways to assail the security in the SHA-0 algorithm, which is known to have imperfections. Now they're promising to discuss "breaking news information" about the SHA-1 algorithm at a conference session that was set to begin at 7 p.m. PDT.

News of serious flaws in the SHA-1 algorithm could, depending on the details, roil the computer security industry. Currently considered the gold standard of its class of algorithms, SHA-1 is embedded in popular programs like PGP and SSL. It's certified by the National Institute of Standards and Technology and is the only signing algorithm approved for use in the U.S. government's Digital Signature Standard. SHA-1 yields a 160-bit output, which is longer than MD5's 128-bit output and is considered more secure.
see link in post below
Terminal
Aug 20 2004, 03:49 PM
time for a new encryption standard. E%#$%348u4%#$5\3454543$%#!@#@#FGH<M>:LP%^$%^$%^$%
the proof they give is a series of like two dozen characters in hex. The only difference is three characters between the sets.
So it's like this: Set 1: AAAB
Set 2: AAAC
Both sets have the same MD5 results. There's Perl code that will do the MD5 hash for you, too. Whatever method they used to find these two can be used to generate a set Z where MD5(Z) = Y just by knowing Y. The reason why this is significant is because MD5(X) = Y as well.
Why figure out someone's password X when you can use a generated one, Z?
Terminal
Aug 22 2004, 08:39 AM
QUOTE (Yorn @ Aug 22 2004, 01:19 PM)
the proof they give is a series of like two dozen characters in hex. The only difference is three characters between the sets.
So it's like this: Set 1: AAAB
Set 2: AAAC
Both sets have the same MD5 results. There's Perl code that will do the MD5 hash for you, too. Whatever method they used to find these two can be used to generate a set Z where MD5(Z) = Y just by knowing Y. The reason why this is significant is because MD5(X) = Y as well.
Why figure out someone's password X when you can use a generated one, Z?
Looks really interesting.
strohunter
Aug 22 2004, 09:31 AM
There's already SHA-256, SHA-384 and SHA-512 to replace MD5.
nuorder
Aug 22 2004, 12:13 PM
It seems that at the moment no method has (yet?) been devised to choose a value and then generate several other values that have the same MD5 hash as the one specified, but being able to do this would be a really big problem for the signing of messages or files, etc.
And for SHA-1 (SHA-0 was vulnerable a while ago), being able to break the remaining 40 rounds would be quite an achievement. There are possible rumours, but I can imagine that the NSA would have designed SHA-1 pretty well so as to make it rather difficult.
It'll be interesting to see what happens next...
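The signature-forgery risk the news item above describes, and nuorder's point about signing messages, as an added example (not code from this thread): a birthday search over a toy digest (MD5 truncated to 24 bits, an assumption made only so the collision is cheap; the real MD5 result used the researchers' differential method, not a birthday search) finds two different payment messages with equal digests, and a simulated digest-then-sign scheme accepts the forged message under the same signature, while the identical check under SHA-256 rejects it. The prefixes and signer key are constructed values.

```python
import hashlib
import hmac

# Toy digest: MD5 truncated to `nbytes` (assumption for this demo only). A birthday
# search needs roughly 2^(4*nbytes) trials, so 3 bytes collide after a few thousand.
def toy_digest(data: bytes, nbytes: int = 3) -> bytes:
    return hashlib.md5(data).digest()[:nbytes]

def sha256_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def find_collision(prefix_a: bytes, prefix_b: bytes, nbytes: int = 3, limit: int = 1 << 22):
    """Birthday search: return (msg_a, msg_b) with msg_a starting with prefix_a,
    msg_b starting with prefix_b and toy_digest(msg_a) == toy_digest(msg_b)."""
    seen_a, seen_b = {}, {}
    for i in range(limit):
        suffix = b"#" + i.to_bytes(4, "big")  # varying tail; the text stays readable
        msg_a, msg_b = prefix_a + suffix, prefix_b + suffix
        ha, hb = toy_digest(msg_a, nbytes), toy_digest(msg_b, nbytes)
        if ha in seen_b:
            return msg_a, seen_b[ha]
        if hb in seen_a:
            return seen_a[hb], msg_b
        seen_a[ha], seen_b[hb] = msg_a, msg_b
    return None

# Simulated digest-then-sign scheme (as DSS-style signatures do): the "signature" is an
# HMAC of the digest under the signer's secret key, so it depends on the message only
# through the digest. Any two messages with equal digests share a valid signature.
def sign(key: bytes, msg: bytes, digest) -> bytes:
    return hmac.new(key, digest(msg), "sha256").digest()

def verify(key: bytes, msg: bytes, sig: bytes, digest) -> bool:
    return hmac.compare_digest(sign(key, msg, digest), sig)

def forgery_demo(key: bytes = b"signer-secret (constructed)"):
    """Returns (forgery accepted under toy digest, forgery accepted under SHA-256)."""
    pair = find_collision(b"Transfer 10 USD to Alice", b"Transfer 9999 USD to Mallory")
    assert pair is not None
    benign, forged = pair
    sig_toy = sign(key, benign, toy_digest)          # signer only ever approved `benign`
    toy_ok = verify(key, forged, sig_toy, toy_digest)  # True: collision carries the signature
    sig_full = sign(key, benign, sha256_digest)
    full_ok = verify(key, forged, sig_full, sha256_digest)  # False: no collision here
    return toy_ok, full_ok

if __name__ == "__main__":
    print(forgery_demo())  # (True, False)
```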
tibbar
Aug 29 2004, 02:17 PM
I've heard strong rumours about this for 10 months now; when I originally posted it in the exploit forum no one would believe me!
It's been in the wild for over 10 months in the Chinese underground, which is quite scary when you think of all the government systems that could have been compromised in that time.
I've not seen a POC; only a reliable source had confirmed this to me back then.
sebas1234
Sep 2 2004, 04:00 PM
This indeed would have immense ramifications. I think they call those collisions, where you can find different passwords that correspond to a specific hash. This tends to be the same way in which previous encryptions have been broken. However, it was hard on MD5 because the number of multiple passwords per hash is very small. They have been trying to find a way to find these, but so far nothing; if this article is true it's going to have profound ramifications. No more need for those couple hundred gigs in rainbow tables.
w00dy
Sep 3 2004, 04:42 AM
The truth is the US government doesn't even let any encryption technology/algorithm be used unless they have managed to break it. Until they manage to find its weaknesses, they take the code, call it classified, and arrest/prosecute you if you attempt to use it. For this reason, all the common encryption techniques, MD5, 3DES, PGP, etc., all have some sort of weaknesses; otherwise they would still be under lock and key by the government.
sektorX
Sep 26 2004, 06:41 PM
QUOTE
The truth is the US government doesn't even let any encryption technology/algorithm be used unless they have managed to break it. Until they manage to find its weaknesses, they take the code, call it classified, and arrest/prosecute you if you attempt to use it. For this reason, all the common encryption techniques, MD5, 3DES, PGP, etc., all have some sort of weaknesses; otherwise they would still be under lock and key by the government.
That's kinda disturbing. That way, if any information about that encryption were leaked, it could go horribly wrong.