Interesting People mailing list archives
more on Top crypto algorithms 'fully broken?'
From: David Farber <dave () farber net>
Date: Thu, 19 Aug 2004 05:05:58 -0400
Begin forwarded message:

From: odlyzko () dtc umn edu (Andrew Odlyzko)
Date: August 18, 2004 11:08:06 PM EDT
To: dave () farber net
Subject: Re: Top crypto algorithms 'fully broken?'

Dave,

The article by Declan McCullagh that is referenced is accurate. But it definitely does not mean that "top crypto algorithms are fully broken." Only a few hash algorithms are affected. Furthermore, these attacks by themselves are not all that much of a threat.

To simplify things, what was discovered by the researchers who spoke at Crypto is that for those algorithms (which do not include the most important one, the one that is a U.S. national standard, SHA-1), there do exist pairs of messages that have the same signature. More precisely, there are messages

    x*m;ut0%Wb#crr)q"-Tvmaa^@39fl
    &bfpR([wez$1l8gI@S{=!snv&Wnf+

such that if you happened to send the first one to your bank, I could instead substitute the second one, and the forgery would not be detected. However, you would not likely want to send the first message, since it is gibberish, and even if by accident you did happen to send it, I would gain nothing from the forgery, since the second message is also gibberish, and the bank would reject it.

Still, the attacks are significant theoretically, since until now it was not even known how to accomplish this. This might lead to attacks at higher levels. The next step would be to find attacks that would enable a forger, when faced with a signed message from you of the form

    Transfer $36.97 from my checking account 1234567 to MCI. Dave Farber.

to find another message that would have the same signature, and so would initially be accepted by the bank as authentic. But in most cases that forged message would be something like

    &bfpR([wez$1l8gI@S{=!snv&Wnf+x*m;ut0%Wb#crr)q"-Tvmaa^@39flr$cDk,K.Oxx

and so again would not gain the forger anything, since it would be gibberish.

For a really practical attack, one would have to go up another level, and find a message of the form

    Pay $65,876.99 from my account 1234567 to John M. Smith. Dave Farber.

that would have the same signature as your original one. At that stage real harm could be done. But we are still far from that.

Andrew

From: David Farber <dave () farber net>
Subject: Top crypto algorithms 'fully broken?'
Date: Wed, 18 Aug 2004 10:05:21 -0400

Begin forwarded message:

DAN FARBER

Top crypto algorithms 'fully broken?'

Do you think your encrypted communications and documents are secure? Think again. In separate findings, French and Chinese researchers last week uncovered fallibilities in some of the most commonly used encryption techniques. And last night, at the Crypto 2004 conference, security researchers delivered the good, the bad, and the ugly news.

The good news: SHA-1, embedded in popular programs such as SSL and PGP, is still standing--so far. The bad news, according to conference chair James Hughes, is that "the break of MD4, which was already broken, is unique because the techniques could be done by hand." The ugly news: "full breaks" of the MD5, HAVAL-128, RIPEMD, and SHA-0 hash functions were announced as well--and SHA-1 is under serious attack. The discoveries could make it easier for intruders to insert undetectable back doors into computer code or to forge electronic signatures.

http://ct.com.com/click?q=89-h28bQ~JAj6DPkIRfpwDCBVM5LWcR
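The first two levels described in the message above (any colliding pair, then a second message matching one fixed signed message), as an added example that is not part of the original post. It assumes a toy 16-bit hash made by truncating SHA-256 so both searches finish quickly; `toy_hash`, `BITS` and the `gibberish-N` candidates are illustrative names, and the third level (a meaningful forgery) is not attempted.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption); real hash functions use 128 bits or more

def toy_hash(msg: bytes) -> int:
    """Top BITS bits of SHA-256, standing in for a deliberately weak hash."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - BITS)

def find_collision():
    """Level 1: any two distinct messages with the same digest (birthday search)."""
    seen = {}
    for i in count():
        msg = b"gibberish-%d" % i
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg, i + 1   # both messages are attacker-chosen
        seen[h] = msg

def find_second_preimage(target: bytes):
    """Level 2: a different message matching the digest of one fixed message."""
    want = toy_hash(target)
    for i in count():
        msg = b"gibberish-%d" % i
        if msg != target and toy_hash(msg) == want:
            return msg, i + 1            # match exists, but content is still junk

# Sample signed message quoted from the email above.
SIGNED = b"Transfer $36.97 from my checking account 1234567 to MCI. Dave Farber."

if __name__ == "__main__":
    a, b, n1 = find_collision()
    print(f"collision after {n1} hashes: {a!r} vs {b!r}")
    forged, n2 = find_second_preimage(SIGNED)
    print(f"second preimage after {n2} hashes: {forged!r}")
    print(f"generic expected work: ~2^{BITS // 2} vs ~2^{BITS} hashes")
```

The gap between the two hash counts is the generic cost difference between the levels; each extra digest bit doubles the second search but only multiplies the first by about 1.4.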