TO READ THIS STORY - you must have a paid subscription to Technology Review OR you can purchase special archive reading credits here. Choose from these great offers below.

I'm a paid subscriber please
log me in

I want to purchase this article for
only $1.99
(requires login)

I want to purchase five articles for
only $3.99
(requires login)

I want to buy
1 Year TOTAL Access for
only $24.95
(requires login)

Please note: Click here if you are currently a Technology Review print or digital subscriber and do not have access to this article.

Click here if you are an MIT alum and do not have access to this article.

March/April 2009

Sharing Fingerprints

Hackers can manipulate outdated algorithms to give two very different documents the same digital signature.

By Erica Naone

Sensitive online documents, such as certificates that vouch for banking sites, bear "digital fingerprints" that identify them without revealing their contents. The fingerprints are produced from the documents' contents by algorithms that are supposed to be irreversible. But recently, older varieties of the algorithms have been weakened. The venerable MD5, for example, has been broken, making it easy to introduce a forgery. Marc Stevens, a PhD student in cryptology at the Centrum Wiskunde and Informatica in Amsterdam, the Netherlands, has created a series of demonstrations of how MD5 can fail. One is shown here: though the two faces are different, their digital fingerprints are the same. This is a harmless example, but it has serious implications for digital forensics.

Select from the choices above
to read the entire article.

Customer Service

Magazine Services

•	Subscription FAQ
•	Pay Your Bill
•	Renew Your Subscription
•	Change Your Address
•	Check Your Start/Expire Issue
•	Feedback
•	Buy a Back Issue
•	Permissions/Reprints
•	Cancel Your Subscription
•	Digital Subscription Customer Service