<http://www.techworld.com/storage/news/index.cfm?NewsID=3081&Page=1&pagePos=11> Techworld.com 07 February 2005 More experts warn of CAS arrays risks MD5 comes in for further criticism By Lucas Mearian, Computerworld (US) More security experts are warning against the use of the flawed hashing algorithm, MD5, for digital signatures on content addressed storage (CAS) systems. Last August, a Chinese researcher, Xiaoyun Wang, unveiled detailsof the flaw. Other security experts are now chipping in. An official at the National Institute of Standards and Technology said IT managers have good reason to be concerned about security flaws in MD5. "It's pretty well known right now that it's just not up to what you need," said Elaine Barker, head of NIST's computer security division. Barker said NIST has no plans to certify or recommend the MD5 algorithm for government use. The warnings come as more vendors unveil CAS systems to meet the need for disk-based backup of fixed data such as e-mail and medical images. Experts say that under specific circumstances, hackers could create files containing malicious data that could cause data loss or the dissemination of bad data. Of the four major vendors of CAS storage, two of them - EMC and Archivas - use the MD5 algorithm. The other two, Permabit and Avamar Technologies do not. Archivas said it provides the option of using another method of indexing, called the Secure Hash Algorithm-1. Users of EMC and Archivas systems say they aren't concerned about the warnings. "I believe that the possibility of a (problem) is so unlikely that it does not bother me," said John Halamka, CIO at Boston-based CareGroup, a hospital management company. "Thus far, we've been working with (the) Centera (array) for more than a year without a single issue." Curt Tilmes, a systems engineer at NASA's Goddard Space Flight Center, has been beta-testing an Archivas Cluster CAS system for archiving satellite data about the earth's atmosphere for more than a year. He said he feels it's secure because it's on a private network with firewalls. "I suppose it wouldn't hurt [to use a more secure algorithm], but for my application, it wouldn't have an effect," Tilmes said. Meanwhile, Sun's long-awaited CAS system, code-named Honeycomb, won't use the MD5 algorithm because of security concerns, said Chris Woods, chief technology officer for Sun's storage practice. Woods would not say which algorithm the company will use to index stored objects. "It really is time for [the industry] to stop using MD5," said Dan Kaminsky, a security consultant at Avaya. "MD5 has been a deprecated hashing algorithm for almost a decade. The industry has clung to the algorithm, partially out of inertia, partially out of scarcity of computer power." In a report last month, Kaminsky pointed out that an attack could be used to create two files with the same MD5 hash, one with "safe" data and one with "malicious" data. If both files were saved to the same system, a so-called collision could result, leading to data loss or the dissemination of bad data, he said. Mike Kilian, CTO at EMC's Centera division, contended that MD5 flaws don't apply to Centera arrays because once a piece of content is stored, a company can't change it. "Centera from almost Day 1 has had multiple addressing schemes available to applications," Kilian said. Kaminsky disagreed. "Cryptography tends to be a 'garbage algorithm in, garbage security out' discipline," he said. "Let's say they were appending custom metadata to the end of their files. Conceivably, the attack would not care, as once two files have the same hash, you can append the same [identical] metadata to both of them and they'll still possess the same hash." Archivas officials noted that its CAS device does not use the MD5 hash key to name the file in the archive, the way EMC's product does. -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'