[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Fw: Relying on encryption is iffy. Undisclosed encryption is iffier.
FYI, Horrible pun on 'red flag' - but then that's what copy editors do! DW > # "Crack in Computer Security Code Raises Red Flag" > Wall Street Journal (03/15/05) P. A1; Forelle, > Charles > > A flaw in a "hash function" technique for > encrypting online data has been uncovered by a > team of Chinese researchers at Shandong > University, and this has raised alarms in the > computer security industry because it casts doubt > on the so-called impenetrability of hash > function-based cryptography. The researchers > found the vulnerability using the SHA-1 hash > algorithm, a federal standard circulated by the > U.S. National Institute of Standards and > Technology (NIST) that is also considered to be > cutting edge as well as the most popularly > employed hash function. The Shandong team learned > that "collisions," in which two different chunks > of data yield the same hash, can be uncovered in > SHA-1 far faster than previously thought. > Cryptographers say the exploitation of the flaw, > though seemingly impractical, could affect > applications involving authentication, > theoretically enabling a hacker to erect a bogus > Web site with convincing security credentials and > steal data sent to it by unsuspecting users. > Counterpane Internet Security CTO Bruce Schneier > confirms the existence of the SHA-1 flaw, which > the Chinese researchers have not publicized. NIST > is advising federal agencies to keep SHA-1 out of > any new applications, and urging them to devise > plans to eliminate SHA-1 from existing > applications. Recently demonstrated > vulnerabilities in other hash functions such as > MD4 and MD5--which SHA-1 is based on--have also > made cryptographers nervous. Concerns about > information security are at an all-time high even > without revelations about hash functions' > vulnerability, most recently thanks to break-ins > at data aggregators LexisNexis and ChoicePoint. >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]