[ back to Tom 7 Radar ]

w
e
b

l
i
n
k
All Hash Functions Broken???? (16 Aug 2004 at 22:51)
Rumors are circulating that all of the widely used cryptographic hash functions have been broken, and that this will be announced at CRYPTO this week. (!!!!!!?!?!?!)

This includes SHA-0 (already announced and verified), MD5 (sort of verified) and SHA-1 (rumored). MD5 is quite popular and SHA-1 is the government standard. These are used in digital signatures, which are a vital part of most public key cryptosystems, like the one used for securely browsing the web.

Someone has verified the collisions for MD5 (actually they are for a trivially different variant of MD5 with byte order swaps). Just knowing that collisions are out there would be bad enough, but their attack apparently only takes 1 hour to run (with an extra 15 seconds or so for subsequent collisions) on a medium-power cluster (IBM P690). When the details come out, that little padlock icon in your browser will become a lot less meaningful, at least until we refit the internet with replacement algorithms.

PS. Holy crap!!!!!!!?!?!?!

c
o
m
m
e
n
t
ndm (qwest144-dsl5.cybermesa.com) – 08.17.04 01:23:23
whoa! this is what fraudsters call a "window of opportunity"
c
o
m
m
e
n
t
Tom 7 (h-67-101-136-200.phlapafg.dynamic.covad.net) – 08.17.04 09:15:41
It definitely depends on the details of the attack... I guess we'll see soon.
p
o
s
t

a

c
o
m
m
e
n
t
[ Tom 7 Radar  •  Tom 7 on Google+  •  on Twitter  •  on Facebook ]