Researchers in China are reported to have identified a
flaw in the MD5 hash algorithm, which is one of the standard algorithms approved by
the Information Technology Act 2000 for the purpose of Digital Signatures in
India.
Four Chinese authors (Wang, Feng, Lai, and Yu) reported in
their paper at the Crypto 2004 conference, held recently (August 15-19) at Santa
Barbara, California, that two documents with the same MD5 hash can exist and
provided the mathematical means to identify such "collisions."
Another presenter, Mr Eli Biham, announced new results in
cryptanalyzing SHA-1, including a collision in a reduced-round version of SHA-1.
The full SHA-1 algorithm does 80 rounds of scrambling. At present, Biham and
Chen are reportedly capable of breaking versions of SHA-1 that use up to about
40 rounds, and they seem confident that their attacks can be extended to more
rounds.
Experts have expressed the opinion that "MD5 is fatally
wounded; its use will be phased out. SHA-1 is still alive but the vultures are
circling. A gradual transition away from SHA-1 will now start."
The implication of the research is that confidence in
the MD5 hash will be seriously eroded. This could lead to a serious problem in
India, where MD5 is one of the approved algorithms for Digital Signatures.
It is, however, necessary to appreciate that any algorithm will
be subjected to research analysis and in due course could be broken. Though
research of the above kind can throw up "Collision Possibilities", these are
basically theoretical predictions that say something is probable. However,
two working documents having the same hash by accident, or someone designing a
modified document that resembles the original in content (with fraudulent
modifications) and also has the same hash value, is not a possibility that can
be accepted as real. This is the same argument as saying that the fingerprints
of two individuals among several billion people may resemble each other.
Hence there is no need for unnecessary panic and false
alarms. At the same time, it may be said that the research underscores the need
for continuous research and improvement in the algorithms, as well as for finding new
algorithms.
Naavi
August 25 2004
Related Articles:
MD 5 Flaw Paper
Report from Crypto 2004