Possible Flaws in MD5, SHA-0, SHA-1

By Matthew on August 26, 2004 9:59 PM | 1 Comment | 1 TrackBack

Some exciting and disturbing news surfaced this week. Computer Scientists from France and China have uncovered flaws in the MD5 and SHA-0 hashing algorithms. Though still preliminary, these findings suggest that an attacker could produce a hash collision in a short timeframe on a household PC. The security implications are quite serious. Apache, for example, signs its releases on mirror sites with MD5 checksums. An attacker could, in theory, incorporate malicious code in such a way that the compromised Apache distribution would yield the same MD5 signature.

The discovery of a similar flaw in SHA-1, which is widely used in PGP and SSL, may have been announced last Tuesday at Crypto 2004 in Santa Barbara. I could not find any related articles, however.

Categories:

Tags:

1 TrackBack

TrackBack URL: http://www.vitalvector.com/mt/mt-tb.cgi/3

Forged CA Certificate from Vital Vector on January 19, 2009 6:20 PM

This news is a couple weeks old, but I wanted to mention it anyway. Several years ago I mentioned a flaw in MD5. Seeking a proof of concept, a team of researchers successfully forged a CA certificate that could sign... Read More

1 Comment

Author Profile Page Zack | January 31, 2009 4:46 PM | Reply

I knew it. I'm going to go invent my own algorithm, thank you very much.

Leave a comment

Categories

Tag Cloud

Monthly Archives

Creative Commons License
This blog is licensed under a Creative Commons License.

Search

About this Entry

This page contains a single entry by Matthew published on August 26, 2004 9:59 PM.

Blogs In Education was the previous entry in this blog.

New AIM TOS is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Recent Entries

Recent Comments

  • jay Donnell: I'm sure they will go in that direction in the read more
  • jay: I'm going tomorrow :) read more
  • jay: You should have linked some of the stats :) I'm read more
  • Sue Denim: I only have on thing to say: XBOX read more
  • jay: If unemployment is high would a lack of a minimum read more
  • jay: Saying that we need to cut unnecessary social programs (I'm read more
  • Matthew: Davis's tripling of the vehicle registration fees amounted to some read more
  • jay: You're point is a bit implicit so please forgive me read more
  • Zack: That's pretty awesome. read more
  • Zack: I knew it. I'm going to go invent my own read more