Technology Review
Cryptographers will compete to define a new standard.
Cryptographers from around the world have laid their best work on the line in a contest to find a new algorithm that will become a critical part of future communications across the Internet. The winning code will become a building block of a wide variety of Internet protocols, including those used to safeguard communications between banks and their customers. The National Institute of Standards and Technology (NIST) organized the competition and plans to release a short list of the best entries by the end of this month, beginning a four-year process of painstaking analysis to find the overall winner.
All this effort is necessary because the current standard--the Secure Hash Algorithm 2 (SHA-2)--is starting to show its age. In 2005, Xiaoyun Wang, a professor at the Center for Advanced Study at Tsinghua University, in China, found weaknesses in several related hashing algorithms. Since then, she and her peers in the field have chipped away at other hashing schemes, making officials worry that SHA-2 will also eventually succumb.
A hash algorithm turns an ordinary message into a "digital fingerprint," which can then be used to keep the original message secret during transit or to guarantee that it hasn't been tampered with en route. But a hash function is only considered secure if there is no practical way to run it backward and find the original message from the fingerprint. Equally important, there should be no trivial way to produce two messages with exactly the same fingerprint. The weaknesses discovered by Wang and others relate to this problem--something cryptographers call "a collision." The latter issue is complicated by the fact that it is impossible to completely avoid collisions. So the best algorithm is one that simply makes collisions extremely hard to produce. "You shouldn't be able to find them," says William Burr, manager of the Security Technology Group for NIST. "The computation should be too great."
But competition entrants face another major challenge. While encryption algorithms rely on keeping a "key" secret from attackers, cryptographic hash functions can have no such secrets. This gives an attacker plenty of avenues for cracking a hash algorithm, says Burr.
"Hash functions are the most widely used and the most poorly understood cryptographic primitives," adds Bruce Schneier, chief security technology officer at BT Counterpane and one of the competition entrants. "It's possible that everything gets broken here, simply because we don't really understand how hash functions work."
How an outdated algorithm put secure Internet transactions at risk.
The 2008 presidential election could be shaken by flawed electronic voting technology.
Sending false signals to GPS receivers could disrupt critical infrastructure.
Guest (dfaktor)
We are forcing a compromise by using a single hashing algorithm for both encryption and to verify the integrity of the data. This compromise comes about because the perfect algorithm for verifying data integrity causes problems for the perfect encryption solution and vice versa. The perfect algorithm to prevent collisions would be one that acted on each byte of data rather than a group of bytes and didn’t condense the output. This is not feasible for encryption purposes because you would only have to guess the first byte of clear text to reverse the computation and solve for the key. The perfect algorithm then for encryption would be one that acted on the entire clear text. This would make it extremely hard to just guess the clear text. However, this has a problem with collisions as you would have a lot of leeway in manipulating the data contained within. So what I wonder is, why are we compromising? Why not use an algorithm optimized for encryption in conjunction with an algorithm optimized for data integrity each using a different set of keys?
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
This document is part of the “How-To Guide for Most Common Measurements” centralized resource portal. This tutorial provides a detailed guide for measurement and device considerations to take temperature measurements using thermocouples. Get an introduction to thermocouples, which are inexpensive sensing devices widely used with PC-based data acquisition systems. Also review some specific thermocouple examples and learn how thermocouples work and ways to integrate them into a data acquisition measurement system.
View full PDF >
Listen to story > 
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
zig158
64 Comments
FUD
Just because they found a collision does not mean the hash is any ware near broken. Sha-1 for example has 2^(64 - 1) possible values. One page of text has many times more possible values, so if you hashing your letter to grandma and signing it with an sha-1 hash, any collision found will likely be:
a. be longer or shorter than the original message
b. will be complete gibberish and will be obvious it is a fake
This is why message length must be taken into account when signing and hashing messages. My point is that you may want to use sha-512 for your super double top secret memo, but for everything else sha-1 or sha-256 is fine.
Reply
rkomatsu
52 Comments
Re: FUD
The attack uses controlled modifications of the original message. If you attack a MS Word document, there's plenty of room in the hidden control information (or an embedded image scaled down to almost zero size when rendered) to play with and get a collision.
Reply
Erica Naone
70 Comments
Re: FUD
It's not about FUD, it's about prudence. As I note in the article, Burr told me SHA-1 is "more damaged than destroyed." And what cryptographers mean when they say "broken" is very different from what the average person means. At the same time, considering that it will take about 4 years to find a new algorithm, plus more time to get it deployed so that it can be used, NIST is wise to start looking for new solutions now. No one is saying that the sky is falling. What people are doing is trying to ensure that security solutions stay ahead of attacks.
Reply