SHA-0, MD4, MD5, HAVAL-128, and RIPEMD broken

At this years CRYPTO'04, a security conference, it was announced that on variety of popularly used security protocols, security researchers had found collisions. Cryptography Research have published a Q & A on the implications of the collision.

What are the implications of collision attacks for code signing systems?

"Collisions can be a problem for systems that involve signed code. In particular, a collision attack can enable adversaries to construct an innocuous program and a malicious program with the same hash. For example, a trusted compiler/verifier might accept and sign the innocuous program, which could then be substituted for the malicious one."

It's well worth reading to find out all of the implications. Conclusions are that MD5 is down, as is SHA-0; SHA-1 is on the way out. Systems will now need to undertake the mammoth task of upgrading to more secure systems.

View: Q & A @

View: Over view @ Freedom to

Report a problem with article
Previous Story

Windows XP Service Pack 2 Chat

Next Story

Harddrive Industry increasing warranties?

-1 Comments - Add comment