At this years CRYPTO'04, a security conference, it was announced that on variety of popularly used security protocols, security researchers had found collisions. Cryptography Research have published a Q & A on the implications of the collision.
What are the implications of collision attacks for code signing systems?
"Collisions can be a problem for systems that involve signed code. In particular, a collision attack can enable adversaries to construct an innocuous program and a malicious program with the same hash. For example, a trusted compiler/verifier might accept and sign the innocuous program, which could then be substituted for the malicious one."
It's well worth reading to find out all of the implications. Conclusions are that MD5 is down, as is SHA-0; SHA-1 is on the way out. Systems will now need to undertake the mammoth task of upgrading to more secure systems.
View: Q & A @ Cryptography.com
-1 Comments - Add comment