- On August 12th, French computer scientist Antoine Joux announced a flaw in MD5 which is often used with digital signatures
- Four Chinese researches reported a way to circumvent the second algorithm SHA-0
- On August 17th, Eli Biham and Rafi Chen announced breaking news about the SHA-1 algorithm at the Crypto 2004 Conference in Santa Barbara
- SHA-1 is embedded in popular programs like PGP and SSL and is certified by National Institute of Standards and Technology
- SHA-1 yields a 160-bit output which is longer than MD5?s 128-bit output
- These discoveries should make hash collisions easier to create
- Two contracts with the same signature would create a problem
- MD5 flaws would allow a single PC to create a collision in a few? hours
- Open source Apache uses MD5. So does Sun Micro?s Solaris Fingerprint Database
- SHA-0 flaws speed hash collisions by 500 million times
Show of 8-21-2004
August 21, 2004
- Crypto Researches Find Flaws in Key Programs