MD5 and SHA-1 Come Under Fire

   The two most popular hashing algorithms in use today came under fire at Crypto 2004 in Santa Barbara, California, last week when researchers published ways to greatly reduce the complexity of cracking the algorithms. Unlike encryption algorithms such as Data Encryption Standard (DES) that take two inputs (an encryption key and clear text), generate an output the same length as the input clear text, and can be reversed (i.e., decrypted), hashing is a one-way function that takes just one input (a variable number of bytes) and generates a fixed-length (16 bytes for MD5, 20 bytes for SHA-1) digest of the message. MD5 and SHA-1 are widely used for integrity checking, digital signatures, and protection of stored passwords, among other things. Although the attack methods described were characterized as valid and independently verified, significant computing power is required to figure out the input data that generates a given hash. Still, we might see the beginning of a search for a new hash algorithm that's fast but also secure against today's computing power.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.