Monday, July 18, 2005

SHA-1 break paper available

A recent paper by Xiaoyun Wang et al. describes how collisions can be found in the widely used hash function SHA-1.
"In this paper, we present new collision search attack on SHA-1".

This cryptographic vulnerability has some far-reaching implications for the security of encryption systems.
For example, since digital signatures normally sign the hash of a document, an attacker might be able to forge a signature on a Word .DOC file - by taking a legitimate document D and modifying it (by adding spaces, changing file format, etc.) to have the same hash as another document.
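
As an added example (not from the original post or the paper), this Python code shows why a hash-then-sign scheme is only as strong as its hash's collision resistance. It assumes a toy hash (SHA-1 truncated to 24 bits), an HMAC standing in for a real signature, and constructed sample documents; unlike the scenario above, it pads both documents with whitespace.

```python
import hashlib
import hmac
from itertools import count

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a real signature

def weak_digest(data: bytes) -> bytes:
    # SHA-1 cut to 24 bits: a toy model of a hash whose collisions are findable.
    return hashlib.sha1(data).digest()[:3]

def strong_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def sign(data: bytes, digest_fn) -> bytes:
    # Hash-then-sign: only the digest is signed, never the document itself.
    return hmac.new(KEY, digest_fn(data), hashlib.sha256).digest()

def verify(data: bytes, sig: bytes, digest_fn) -> bool:
    return hmac.compare_digest(sign(data, digest_fn), sig)

def pad(i: int) -> bytes:
    # Encode i as 32 trailing spaces/tabs, invisible in most viewers.
    return bytes(b" \t"[(i >> k) & 1] for k in range(32))

def find_collision(doc_a: bytes, doc_b: bytes, digest_fn):
    # Birthday search: index 4096 padded variants of doc_a by digest,
    # then pad doc_b until one of its variants hits the table.
    table = {digest_fn(doc_a + pad(i)): doc_a + pad(i) for i in range(4096)}
    for j in count():
        candidate = doc_b + pad(j)
        if digest_fn(candidate) in table:
            return table[digest_fn(candidate)], candidate

def demo() -> dict:
    # Constructed sample documents.
    a, b = find_collision(b"Pay Alice 10 EUR.\n", b"Pay Mallory 9000 EUR.\n", weak_digest)
    sig_weak = sign(a, weak_digest)
    sig_strong = sign(a, strong_digest)
    return {
        "distinct": a != b,
        "weak_sig_transfers": verify(b, sig_weak, weak_digest),
        "strong_sig_transfers": verify(b, sig_strong, strong_digest),
    }

if __name__ == "__main__":
    print(demo())
```

The signature made over the toy digest verifies for both documents, while the one made over SHA-256 verifies only for the document that was actually signed.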

As with most cryptographic issues, there may or may not be an immediate issue, and solutions will have to be provided by cryptographic library providers. But it is a fascinating read - assumptions we made out-of-hand just years ago keep getting proven wrong. There's a lesson in it somewhere, if only I could find it.
Tags: software cryptography
