
RE: sha-1 cryptography

Subject: RE: sha-1 cryptography
Date: Thu, 22 Dec 2005 07:22:50 -0700

Dear All

I understand that SHA-1 cryptography has been broken by the same person who
broke MD5, Xiaoyun Wang.  So what does that mean for password security and
credit card transactions etc.  Does that mean we will need to look for other
stronger cryptography solutions and if yes what do you recommend, especially
for passwords?

thanks

Tallat

From my understanding I wouldn't say it is broken, yet.

Here's a quote from Bruce Schneier on his blog:

"The panel stressed that these are collision attacks and not pre-image
attacks, and that many protocols simply don't care. Collision attacks
are important for digital signatures, but less so for other uses of
hash functions. On the other hand, this difference is only understood
by cryptographers; there are issues if the public believes that SHA-1
is "broken.""

Full entry see: 
http://www.schneier.com/blog/archives/2005/10/nist_hash_works_2.html

Another quote from a different entry:

"Developers need to know what hash function to use in their designs.
They need an answer today. (SHA-256 is what I tell people.) They'll
need an answer in a year."

Full entry see:
http://www.schneier.com/blog/archives/2005/11/nist_hash_works.html

I would recommend reading his blog.  There is much non-computer security
discussion, but he is one of the more outspoken cryptographers and tends
to know what he is talking about.


    Zak

Zachary Richmond
Arrt Manufacturing, LLC


