A team of three chinese researchers Xiaoyun Wang, Lisa Yiqun Yin, and Hongbo Yu who have links to Shandong University in China, have compromised the SHA-1 hashing algorithm, which is used not only in the communication certifications and the secure content distribution but is also deployed in so to speak secure embedded devices.
Adi Shamir, the S of RSA, said he received an email containing technical paper from the research team. It was explained in this paper that how two altogeather different documents can have the same SHA-1 hash by using a computation technique not so complex.
The SHA-1 is used in digital certificates, for secure socket layers, private key technolgies to send credit card information. Chipmakers like Atmel, Infineon, National Semiconductor and STMicroelectronics use SHA-1 as the basis of Trusted Platform Modules.
Shamir said that the work of chinese researchers is believed to be correct based upon their acadamic background.
Ronald Rivest, the R of RSA, said “This break of SHA-1 is stunning” and that “Digital signatures have become less secure. This is another reminder that conservatism is needed in the choice of an algorithm”. He also noted that Lisa Yin was a PHD student who studied under him at MIT.
“This means everyone needs to revise their products but it is hard to say when. We don’t have to do it right away certainly in the next release of the OS” – A corporation Manager of Microsoft for their Network Security Products
“They are going to go nuts” – a technical advisor to the American Bar Association
“I think we will have enough time to work on this” – Whitfield Diffie, chief security officer with Sun Microsystems [Sun has not committed SHA-1 to silicon]
“These aren’t severe massive compromisesas long as upgrades get made in reasonable engineering time” – Paul Kocher, a security specialist on the panel at the RSA Conference.
By Irfan R. Toor
Some Interesting Links: