Oopsie -- it broke!
From
The New Scientist comes this story of something that broke:
Busted! A crisis in cryptography
The gold standard of digital security - used to authenticate everything from secure websites for credit card transactions to passwords and digital signatures - lies in tatters.
"Last year, I walked away saying thank God she didn't get a break in SHA-1," says William Burr. "Well, now she has." Burr, a cryptographer at the National Institute of Standards and Technology in Gaithersburg, Maryland, is talking about Xiaoyun Wang, a Chinese cryptographer with a formidable knack for breaking things. Last year Wang, now at Tsinghua University in Beijing, stunned the cryptographic community by breaking a widely used computer security formula called MD5. This year, to Burr's dismay, she went further. Much further.
SHA-1 is pretty much the pinnacle of computer security, an algorithm invented and endorsed by the US National Security Agency (NSA) and used in a huge range of security applications. But not for much longer, it seems. "This is a bit like when you see the first water seeping through the dyke," Burr says.
Here is the Wikipedia entry for
Xiaoyun Wang
Bruce Schneier (no slouch on this sort of stuff himself)
had this to say:
SHA-1 Broken
SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.
The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results.
Bruce's post was much earlier this year (February) and it describes the very early work that was able to get matches in many fewer tries than would be required by a brute force method.
Nothing is perfectly encrypted -- the object of algorithms like SHA-1 is to make it take tens of years running a supercomputer -- by then, the information is mostly worthless.
Posted by DaveH at December 17, 2005 11:34 PM
| TrackBack