Monday, August 30, 2004
An Illustrated Guide to Cryptographic Hashes
As Ned noted recently, weaknesses have been found in MD5. Researchers have found ways to reliably generate collisions in cryptographic hash functions (MD5, MD4, SHA-0, HAVAL-128 and RIPEMD) much faster than brute-force time. Cool stuff, but what are these algorithms used for and why should you care? Read the Illustrated Guide to Cryptographic Hashes.
Note: Edward Felten has also written about this subject. Here's his analysis, based on the latest research:
"Where does this leave us? MD5 is fatally wounded; its use will be phased out. SHA-1 is still alive but the vultures are circling. A gradual transition away from SHA-1 will now start. The first stage will be a debate about alternatives, leading (I hope) to a consensus among practicing cryptographers about what the substitute will be."
Granted, he's speaking about algorithmic weakness; there are no known exploits based on this work yet, but this is big news.