[ISN] SHA1 crypto algorithm underpinning Internet security could fall by 2018

From: InfoSec News <alerts_at_private>
Date: Mon, 8 Oct 2012 01:16:50 -0500 (CDT)
http://arstechnica.com/security/2012/10/sha1-crypto-algorithm-could-fall-by-2018/

By Dan Goodin
Ars Technica
Oct 6, 2012

A widely used cryptographic algorithm used to secure sensitive websites, 
software, and corporate servers is weak enough that well-financed 
criminals could crack it in the next six years, a cryptographer said.

The prediction about the SHA1 algorithm, posted recently to a hash 
function mailing list sponsored by the National Institute of Standards 
and Technology, is based on calculations its author and fellow 
cryptographers admit are rough. The back-of-the-envelope math also 
incorporates several assumptions that are by no means certain. At the 
same time, the ability to carry out a reliable "collision attack" on 
SHA1 would have catastrophic effects on the security of the Internet.

Similar collision attacks on the weaker MD5 algorithm provide an example 
of how dire and widespread the resulting harm could be. The Flame 
espionage malware, which the US and Israel are believed to have 
unleashed to spy on sensitive Iranian networks, wielded such an exploit 
to hijack Microsoft's Windows Update mechanism so the malicious program 
could spread from computer to computer inside an infected network. 
Separately, in 2008, a team of computer scientists and security 
researchers used the technique to forge a master secure sockets layer 
certificate that could authenticate virtually any website of their 
choosing.

SHA1 is considerably more resistant than MD5 to collision attacks, in 
which two different plaintext sources generate the same ciphertext, or 
digital signature. As a result, SSL certificate authorities, software 
companies, and most other security-minded organizations have 
discontinued use of MD5 in favor of SHA1, or better yet SHA2, which is 
believed to be stronger still. (Just this week, NIST designated an 
algorithm known as Keccak to be SHA3.) Cryptographers have long presumed 
these more advanced algorithms will suffer the same fate as MD5, as 
computers' processing speeds become ever faster. With SHA1 a staple in 
digital certificates that certify the authenticity of websites, 
commercial software, and credentials used to administer corporate 
servers, a practical attack on it anytime soon would come with dire 
consequences.

[...]


Received on Sun Oct 07 2012 - 23:16:50 PDT
