Wednesday August 18, 2004
Bill Sommerfeld's Weblog
Still Under Construction. Watch for falling objects

Getting the details right.

A C-Net story today reports:

"The excitement began Thursday with an announcement that French computer scientist Antoine Joux had uncovered a flaw in a popular algorithm called MD5, often used with digital signatures. Then four Chinese researchers released a paper that reported a way to circumvent a second algorithm, SHA-0."

Err, um. Joux announced a SHA-0 collision, while the Chinese found the MD5 collision. The attack doesn't really "circumvent" SHA-0, and it's not like anyone actually uses the original SHA; NIST announced that it was flawed in some unspecified way and replaced it with SHA-1, which added a rotate to the message schedule for improved mixing.

The report then goes on to mention the use of MD5 by the Solaris Fingerprint Database (a list of MD5 hashes of officially released Solaris binaries) without clarifying that the attacks on MD5 announced yesterday are not directly relevant to the use of MD5 by the SFPDB. A collision attack produces two inputs, both chosen by the attacker, that hash to the same value; to defeat the SFPDB an attacker would instead need a preimage attack, one that matches the fixed hash of a binary that has already been published. The research may well be a stepping stone to a future preimage attack on MD5, but it does not put it at risk today; the research likely also will point towards newer hash functions which are resistant to known attacks.
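The gap between the two attack settings can be seen on a toy scale. The following is an added example, not part of the original post: it truncates MD5 to 20 bits (an assumption made so the searches finish in seconds) and counts the trials needed to find any colliding pair versus a second input matching one fixed, published digest. All function names and the sample "released binary" are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 20  # assumption: toy digest width so both searches finish quickly


def tiny_md5(data: bytes) -> int:
    """Top BITS bits of MD5(data), standing in for the full 128-bit digest."""
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - BITS)


def find_collision():
    """Collision setting: the searcher chooses BOTH inputs.

    Any two distinct messages with equal digests count, so the birthday
    bound applies: about 2**(BITS/2) trials are expected.
    """
    seen = {}
    for n in count(1):
        msg = b"collide-%d" % n
        h = tiny_md5(msg)
        if h in seen:
            return seen[h], msg, n
        seen[h] = msg


def find_second_preimage(published: bytes):
    """Fingerprint-database setting: the digest is fixed by a published file.

    A substitute must match that one digest, so about 2**BITS trials are
    expected; a collision between two unrelated inputs does not help.
    """
    target = tiny_md5(published)
    for n in count(1):
        msg = b"forge-%d" % n
        if tiny_md5(msg) == target:
            return msg, n


# Constructed sample standing in for an officially released binary.
RELEASED = b"constructed sample: contents of a released binary"

if __name__ == "__main__":
    a, b, c_trials = find_collision()
    forged, p_trials = find_second_preimage(RELEASED)
    print(f"collision after {c_trials} trials: {a!r} / {b!r}")
    print(f"second preimage after {p_trials} trials: {forged!r}")
```

At MD5's real width the same gap is roughly 2^64 versus 2^128 for generic search, which is why a collision result alone does not invalidate a list of hashes of already-published files.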
And I can't even tell what Declan meant by: