(Page 2 of 2)
It will take a long time to find a new algorithm and get it ready for general use, so NIST decided not to wait until SHA-2 was actually compromised. Burr notes that SHA-1, an older hash algorithm that NIST no longer recommends because of weaknesses uncovered by Wang, "is more damaged than destroyed," since a great deal of computation is still needed to find a collision. "We decided we had to rethink the whole thing," Burr adds, "because we were just learning more and more about [how hash functions can be attacked], a lot of it disquieting."
Beyond relieving worries about security, a new algorithm can take advantage of new trends in computing, such as dual-core processors, making it faster. "Hashes are the workhorse of cryptography," Schneier says, "so performance is critical."
NIST has received 64 entries for the competition and is looking for ways to narrow down the list. When NIST publishes the short list of entries at the end of this month, cryptographers the world over will begin analyzing them. This promises to be a lengthy process. "For many of the good submissions, discussions about their security will become more subtle than just talking about broken versus nonbroken," says Christian Rechberger, a lecturer in cryptography at the Institute for Applied Information Processing and Communications, in Austria, and another competition entrant. "For this discussion, the time until the planned decision in 2012 is definitely needed."
Brian Gladman, a U.K. cryptographer, says that the list of researchers who have submitted algorithms for the competition is impressive. It includes submissions from luminaries such as MIT computer-science professor Ron Rivest, who has already written several highly influential hash functions, and Joan Daemen, one of the designers of a widely used encryption standard known as the Advanced Encryption Standard (AES).
Rechberger helps maintain the SHA-3 Zoo, a website that collects entries and related analysis. Ultimately, there could be several finalists that remain unbroken at the end of the competition. At the end, the winner will be chosen based on other considerations, such as its speed. For the coming months, however, analysis of entries will do much to advance the understanding of hash functions. And, more dramatically, cryptographers will begin breaking one another's algorithms.
Guest (dfaktor)
We are forcing a compromise by using a single hashing algorithm for both encryption and to verify the integrity of the data. This compromise comes about because the perfect algorithm for verifying data integrity causes problems for the perfect encryption solution and vice versa. The perfect algorithm to prevent collisions would be one that acted on each byte of data rather than a group of bytes and didn’t condense the output. This is not feasible for encryption purposes because you would only have to guess the first byte of clear text to reverse the computation and solve for the key. The perfect algorithm then for encryption would be one that acted on the entire clear text. This would make it extremely hard to just guess the clear text. However, this has a problem with collisions, as you would have a lot of leeway in manipulating the data contained within. So what I wonder is, why are we compromising? Why not use an algorithm optimized for encryption in conjunction with an algorithm optimized for data integrity, each using a different set of keys?
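The arrangement the comment asks about, one key for confidentiality and a separate key for integrity, is what the encrypt-then-MAC pattern does. The following is an added example, not code from the article or its commenters: two independent keys are derived from one master key with HKDF, the ciphertext is authenticated with HMAC-SHA256, and the tag is checked before any decryption. The keystream generator is an illustrative HMAC-based counter mode standing in for a real block cipher such as AES-CTR; the function names are assumptions.

```python
import hmac
import hashlib
import secrets

def hkdf_sha256(master: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256, empty salt. Different 'info' labels give
    independent keys, so the cipher and the MAC never share key material."""
    prk = hmac.new(b"\x00" * 32, master, hashlib.sha256).digest()
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out += block
        i += 1
    return out[:length]

def _keystream(k_enc: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream from a PRF (HMAC-SHA256). Illustrative stand-in for
    # AES-CTR; the point of the example is key separation, not this PRF.
    ks, ctr = b"", 0
    while len(ks) < n:
        ks += hmac.new(k_enc, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return ks[:n]

def seal(master: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    k_enc = hkdf_sha256(master, b"encryption")
    k_mac = hkdf_sha256(master, b"integrity")
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    tag = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()  # tag covers nonce too
    return nonce + ct + tag

def unseal(master: bytes, blob: bytes):
    """Return the plaintext, or None if the message was altered in any way."""
    if len(blob) < 16 + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    k_mac = hkdf_sha256(master, b"integrity")
    expected = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # reject before touching the ciphertext at all
    k_enc = hkdf_sha256(master, b"encryption")
    return bytes(c ^ k for c, k in zip(ct, _keystream(k_enc, nonce, len(ct))))
```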
zig158
64 Comments
FUD
Just because they found a collision does not mean the hash is anywhere near broken. SHA-1 for example has 2^(64 - 1) possible values. One page of text has many times more possible values, so if you're hashing your letter to grandma and signing it with an SHA-1 hash, any collision found will likely be:
a. longer or shorter than the original message
b. complete gibberish, so it will be obvious that it is a fake
This is why message length must be taken into account when signing and hashing messages. My point is that you may want to use sha-512 for your super double top secret memo, but for everything else sha-1 or sha-256 is fine.
Reply
rkomatsu
52 Comments
Re: FUD
The attack uses controlled modifications of the original message. If you attack a MS Word document, there's plenty of room in the hidden control information (or an embedded image scaled down to almost zero size when rendered) to play with and get a collision.
Reply
Erica Naone
70 Comments
Re: FUD
It's not about FUD, it's about prudence. As I note in the article, Burr told me SHA-1 is "more damaged than destroyed." And what cryptographers mean when they say "broken" is very different from what the average person means. At the same time, considering that it will take about 4 years to find a new algorithm, plus more time to get it deployed so that it can be used, NIST is wise to start looking for new solutions now. No one is saying that the sky is falling. What people are doing is trying to ensure that security solutions stay ahead of attacks.
Reply