delphij's Chaos


19 Aug 2004

Aha... MD5 is vulnerable

Researchers have announced preliminary indications of previously unknown vulnerabilities in popular security algorithms that could permit hackers to easily install undetectable back doors into computer code or to counterfeit electronic signatures. French computer scientist Antoine Joux reported on Aug. 12 his discovery of a flaw in the MD5 algorithm, which is often used with digital signatures. The algorithm is known as a hash function, which extrapolates from all input a unique fingerprint; however, if a hacker could produce the same fingerprint with a different input stream, then the resulting hash collision would authenticate software as safe to download and execute even though it contains a back door. MD5 is employed by the open-source Apache Web server product as well as Sun Microsystems' Solaris Fingerprint Database, and the flaw Joux uncovered means that a hacker can produce one hash collision in a few hours on a standard PC. Meanwhile, four Chinese researchers issued a paper reporting that the SHA-0 Secure Hash Algorithm could be subverted, while Israel Institute of Technology researchers Eli Biham and Rafi Chen revealed at the Crypto 2000 conference on Aug. 17 that they were investigating possible flaws in the SHA-1 algorithm, the only signing algorithm approved for use in the U.S. Digital Signature Standard. SHA-1, which is incorporated into popular programs such as SSL and PGP, is thought to be secure because knowingly producing hash collisions via existing methods is impossible. SHA-1 depends on a computer executing a routine 80 times as it tries to create a unique fingerprint, and Biham declared that he was able to copy the fingerprint for 36 of those 80 executions. If SHA-1 shares similar vulnerabilities with SHA-0, then attempts to falsify a fingerprint would be sped up about 500-fold.

And this appeared on!