Show of 8-21-2004

  • Crypto Researches Find Flaws in Key Programs
    • On August 12th, French computer scientist Antoine Joux announced a flaw in MD5 which is often used with digital signatures
    • Four Chinese researches reported a way to circumvent the second algorithm SHA-0
    • On August 17th, Eli Biham and Rafi Chen announced breaking news about the SHA-1 algorithm at the Crypto 2004 Conference in Santa Barbara
      • SHA-1 is embedded in popular programs like PGP and SSL and is certified by National Institute of Standards and Technology
      • SHA-1 yields a 160-bit output which is longer than MD5?s 128-bit output
    • These discoveries should make hash collisions easier to create
      • Two contracts with the same signature would create a problem
      • MD5 flaws would allow a single PC to create a collision in a few? hours
    • Open source Apache uses MD5. So does Sun Micro?s Solaris Fingerprint Database
    • SHA-0 flaws speed hash collisions by 500 million times