
Scientific Thoughts

The eternal mystery of the world is its comprehensibility - Albert Einstein

Monday, June 13, 2005

In this digital age, the security of online documents and web connections is paramount. Digital signatures are used to authenticate website connections, emails and, in some countries, legal documents. They work because each signature is created from the contents of the signed file, so it is unique to that file or piece of software. If someone cuts a digital signature from one document and sticks it onto another, verification fails because the signature no longer matches the document. However, recently exposed cracks in the hash algorithms that digital signatures are built on make it possible for someone to extract a signature from one file and use it with another! This means that attackers could potentially forge legal documents, load certified software with bogus code, or turn a digitally signed letter of recommendation into one that authorises access to private information.

How Digital Signatures Work (Courtesy: Microsoft)
The signature is generated using a public algorithm called a hash function. A hash function converts a digital file into a fixed-length string of bits (made up of “0”s and “1”s) called a hash, which is considered unique to that file. The hash is then bound up with the digital signatory’s key to generate their signature. The signature is verified by a trusted third party that removes the key and compares the remaining number with a hash of the document.
Cracks first appeared last year, when Xiaoyun Wang and colleagues at the Shandong University of Technology in China generated two documents that had the same MD5 hash. In February 2005 Wang demonstrated the same thing, called a collision, but with the US Government’s gold-standard algorithm SHA-1, which was considered more secure than MD5!
Stefan Lucks of the University of Mannheim and Magnus Daum of the Ruhr-University, Bochum, both in Germany, combined Wang’s work with a clever trick in order to produce two meaningful documents with the same hash. They used a capability of a file type known as PostScript, which is similar to the PDF format. PostScript allowed them to bind up two documents in the same file, but to reveal only one document and hide the other, and vice versa, without changing the hash of the whole file :)).
According to Dan Kaminsky, an independent security consultant based in Seattle, Washington, “It’s not the end of the world yet, but we need to stop using MD5 and SHA-1 before it is!”
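
The forgery risk described above, as an added example that is not part of the original post: a hash-then-sign scheme binds the key only to the hash, so a signature made for one document verifies for any other document with the same hash. The weak hash (SHA-256 truncated to 24 bits), the toy RSA key and both documents are constructed stand-ins, and the sketch goes beyond the post by also showing that the same check rejects the second document once the full SHA-256 digest is used.

```python
import hashlib
from itertools import count

# Toy textbook-RSA key from two Mersenne primes (constructed, no padding, insecure).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

# Constructed sample documents.
LETTER = b"Letter of recommendation for Alice."
FORGERY = b"Alice is authorised to access private information."

def weak_hash(data: bytes) -> int:
    """Stand-in for a broken hash: SHA-256 truncated to 24 bits."""
    return int.from_bytes(hashlib.sha256(data).digest()[:3], "big")

def strong_hash(data: bytes) -> int:
    """Full 256-bit SHA-256 digest as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, hash_fn) -> int:
    """Hash-then-sign: only the hash value is bound to the private key."""
    return pow(hash_fn(data), D, N)

def verify(data: bytes, sig: int, hash_fn) -> bool:
    """Recover the signed hash with the public key and compare."""
    return pow(sig, E, N) == hash_fn(data)

def find_collision(doc_a: bytes, doc_b: bytes, hash_fn):
    """Birthday search over harmless-looking 'Ref' suffixes on both documents."""
    seen_a, seen_b = {}, {}
    for i in count():
        a, b = doc_a + b"\nRef: %d" % i, doc_b + b"\nRef: %d" % i
        ha, hb = hash_fn(a), hash_fn(b)
        seen_a[ha], seen_b[hb] = a, b
        if ha in seen_b:
            return a, seen_b[ha]
        if hb in seen_a:
            return seen_a[hb], b

def demo():
    signed_doc, other_doc = find_collision(LETTER, FORGERY, weak_hash)
    sig = sign(signed_doc, weak_hash)
    return {
        "weak_accepts_other": verify(other_doc, sig, weak_hash),
        "strong_accepts_other": verify(other_doc, sign(signed_doc, strong_hash), strong_hash),
    }

if __name__ == "__main__":
    print(demo())
```

The 24-bit collision takes a few thousand attempts; the same search against a full-length digest is what a sound hash function is meant to make infeasible.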

Digital Security Threatened


2 Comments:

At June 14, 2005 8:57 PM, Blogger Unknown said...
The 64 bit SHA was broken. I think they will have to move to higher ones.

But however, the time between cracking the MD5 and SHA was too small.... That's very disturbing! Looking at the trend.... I feel that any new standard can be cracked!
 
At June 14, 2005 10:25 PM, Blogger Sray said...
I know.. and with faster processors, anything is possible!
 
