Wednesday, July 13, 2005

Flaws in MD5 Hashing, and its Implications

Starting from a post at Keith Brown's blog I have been reading about flaws in the MD5 Hash protocol that were reported last year. Here are some links to articles about it at TechRepublic and TechWorld that have more details and point to the original publications.
I think I heard about this but was not aware of the implications. Apparently MD5 signatures are use to authenticate code by Sun and Apache and recently I noticed Tucows does too. I had assumed this was a significant advance! One article says that SHA-1 is significantly more secure, so I wonder why they don't move to it. It is standard in the .NET Framework for signed assemblies. But elsewhere, here, and here, there are suggestions that SHA-1 too has been broken! Bruce Scheier explains 'broken' in some detail in this post, and comments:

There are an infinite number of collisions, as you state. Finding one will take 2**80 work, assuming the hash function is secure. The odds of one occuring naturally is so small as to be negligible. The research result is an algorithm to find collisions in 2**69 work. Hence, the hash function is broken.

Scott Galloway puts this in perspective, saying 'SHA-1 has been broken...what's the big deal?'

One salient point that Keith makes is that you should never sign a document that you did not author (or at least edit, I assume). He points to this interesting scenario which shows one way that collisions could be exploited.


Post a Comment

<< Home