Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

More fodder for the computer security paranoid: Computer scientists have reported previously unknown flaws in three key mathematical functions embedded in common security applications at this week’s Crypto 2004 conference in Santa Barbara, CA.

Both Chinese and French researchers reported weaknesses in a popular algorithm called MD5, often used with digital signatures. Then Eli Biham of the Technion Institute in Israel reported some early work toward identifying vulnerabilities in the SHA-1 “Secure Hash Algorithm,” which was believed to be secure. The news was reported here on CNET News.

While the results are all preliminary, intruders could eventually use them to insert “back doors” into computer code or to forge electronic signatures.

(Simson Garfinkel recently wrote a nice explanation of hash functions in a column titled “Fingerprint Your Files.”)

The SHA-1 algorithm is currently considered the gold standard hash algorithms and is embedded in popular security programs like PGP (used to encrypt e-mail) and SSL (used to secure Web transactions). The National Institute of Standards and Technology has certified it, and it’s the only signing algorithm approved for use in the U.S. government’s Digital Signature Standard.

Seems like it’s time for mathematicians and computer scientists to start working on the next-next generation of security algorithms.

0 comments about this story. Start the discussion »

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me