|All Hash Functions Broken????
(16 Aug 2004 at 22:51)
|Rumors are circulating that all of the widely used cryptographic hash functions have been broken, and that this will be announced at CRYPTO this week. (!!!!!!?!?!?!)|
This includes SHA-0 (already announced and verified), MD5 (sort of verified) and SHA-1 (rumored). MD5 is quite popular and SHA-1 is the government standard. These are used in digital signatures, which are a vital part of most public key cryptosystems, like the one used for securely browsing the web.
Someone has verified the collisions for MD5 (actually they are for a trivially different variant of MD5 with byte order swaps). Just knowing that collisions are out there would be bad enough, but their attack apparently only takes 1 hour to run (with an extra 15 seconds or so for subsequent collisions) on a medium-power cluster (IBM P690). When the details come out, that little padlock icon in your browser will become a lot less meaningful, at least until we refit the internet with replacement algorithms.
PS. Holy crap!!!!!!!?!?!?!
|whoa! this is what fraudsters call a "window of opportunity"|
|It definitely depends on the details of the attack... I guess we'll see soon.|