lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 21 Mar 2007 20:37:27 +1100
From: "Michael Silk" <michaelslists@...il.com>
To: "Secure Coding" <SC-L@...urecoding.org>, 
	full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Chinese Professor Cracks Fifth Data Security
	Algorithm (SHA-1)

Awesome.

-------------------

  <http://en.epochtimes.com/tools/printer.asp?id=50336>


  The Epoch Times

  Home > Science & Technology

  Chinese Professor Cracks Fifth Data Security Algorithm

  SHA-1 added to list of "accomplishments"

  Central News Agency

  Jan 11, 2007


  Associate professor Wang Xiaoyun of Beijing's Tsinghua University and
  Shandong University of Technology has cracked SHA-1, a widely used data
  security algorithm. (Daniel Berehulak/Getty Images)

  TAIPEI-Within four years, the U.S. government will cease to use SHA-1
  (Secure Hash Algorithm) for digital signatures, and convert to a new and
  more advanced "hash" algorithm, according to the article "Security
  Cracked!" from New Scientist . The reason for this change is that
associate
  professor Wang Xiaoyun of Beijing's Tsinghua University and Shandong
  University of Technology, and her associates, have already cracked SHA-1.

  Wang also cracked MD5 (Message Digest 5), the hash algorithm most commonly
  used before SHA-1 became popular. Previous attacks on MD5 required over a
  million years of supercomputer time, but Wang and her research team
  obtained results using ordinary personal computers.

  In early 2005, Wang and her research team announced that they had
succeeded
  in cracking SHA-1. In addition to the U.S. government, well-known
companies
  like Microsoft, Sun, Atmel, and others have also announced that they will
  no longer be using SHA-1.

  Two years ago, Wang announced at an international data security conference
  that her team had successfully cracked four well-known hash
algorithms-MD5,
  HAVAL-128, MD4, and RIPEMD-within ten years.

  A few months later, she cracked the even more robust SHA-1.

  Focus and Dedication

  According to the article, Wang's research focusses on hash algorithms.

  A hash algorithm is a mathematical procedure for deriving a 'fingerprint'
  of a block of data. The hash algorithms used in cryptography are
"one-way":
  it is easy to derive hash values from inputs, but very difficult to work
  backwards, finding an input message that yields a given hash value.
  Cryptographic hash algorithms are also resistant to "collisions": that is,
  it is computationally infeasible to find any two messages that yield the
  same hash value.

  Hash algorithms' usefulness in data security relies on these properties,
  and much research focusses in this area.

  Recent years have seen a stream of ever-more-refined attacks on MD5 and
  SHA-1-including, notably, Wang's team's results on SHA-1, which permit
  finding collisions in SHA-1 about 2,000 times more quickly than
brute-force
  guessing. Wang's technique makes attacking SHA-1 efficient enough to be
  feasible.

  MD5 and SHA-1 are the two most extensively used hash algorithms in the
  world. These two algorithms underpin many digital signature and other
  security schemes in use throughout the international community. They are
  widely used in banking, securities, and e-commerce. SHA-1 has been
  recognized as the cornerstone for modern Internet security.

  According to the article, in the early stages of Wang's research, there
  were other researchers who tried to crack it. However, none of them
  succeeded. This is why in 15 years hash research had become the domain of
  hopeless research in many scientists' minds.

  Wang's method of cracking algorithms differs from others'. Although such
  analysis usually cannot be done without the use of computers, according to
  Wang, the computer only assisted in cracking the algorithm. Most of the
  time, she calculated manually, and manually designed the methods.

  "Hackers crack passwords with bad intentions," Wang said. "I hope efforts
  to protect against password theft will benefit [from this]. Password
  analysts work to evaluate the security of data encryption and to search
for
  even more secure
algorithms."

  "On the day that I cracked SHA-1," she added, "I went out to eat. I was
  very excited. I knew I was the only person who knew this world-class
  secret."

  Within ten years, Wang cracked the five biggest names in cryptographic
hash
  algorithms. Many people would think the life of this scientist must be
  monotonous, but "That ten years was a very relaxed time for me," she says.

  During her work, she bore a daughter and cultivated a balcony full of
  flowers. The only mathematics-related habit in her life is that she
  remembers the license plates of taxi cabs.

  With additional reporting by The Epoch Times.

-- 
mike
00110001 <3 00110111

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ