|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: InfoSec News (alerts
infosecnews.org)
Date: Thu Jun 11 2009 - 02:17:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://www.theregister.co.uk/2009/06/10/digital_signature_weakness/
By Dan Goodin in San Francisco
The Register
10th June 2009
Cryptographers have found new chinks in a widely-used digital-signature
algorithm that have serious consequences for applications that sign
email, validate websites, and carry out dozens of other online
authentication functions.
The researchers, from Macquarie University in Sydney, Australia, found a
way to break the SHA-1 algorithm in significantly fewer tries than
previously required. Although the hash function was previously believed
to withstand attempts numbering 2-63, the researchers have been able to
whittle that down to 2-52, a number that puts practical attacks well
within grasp of well-funded organizations.
Secure hashing algorithms are designed to reduce text or digital files
to a unique series of letters and numbers that is often compared to the
document's signature. The findings, which were published Wednesday here
(PDF) [1], mean it's easier to create what cryptographers call
collisions in SHA-1, in which two different sources share the same the
same output.
"I'm expecting that we'll start seeing SHA-1 collisions before the end
of the year, if not sooner," said Paul Kocher, president and chief
scientist at Cryptography Research, a San Francisco-based consultancy.
"For applications that fail because of collisions, you need to be really
worried."
[1] http://eprint.iacr.org/2009/259.pdf
[...]
_____________________________________________
Visit the InfoSec News security bookstore!
http://www.shopinfosecnews.org
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]