[Clips] Chinese Professor Cracks Fifth Data Security Algorithm

R.A. Hettinga rah at shipwright.com
Tue Mar 20 19:41:16 PDT 2007 

--- begin forwarded text


  Date: Tue, 20 Mar 2007 22:40:29 -0400
  To: Philodox Clips List <clips at philodox.com>
  From: "R.A. Hettinga" <rah at shipwright.com>
  Subject: [Clips] Chinese Professor Cracks Fifth Data Security Algorithm
  Reply-To: clips-chat at philodox.com
  Sender: clips-bounces at philodox.com

  <http://en.epochtimes.com/tools/printer.asp?id=50336>


  The Epoch Times

  Home > Science & Technology

  Chinese Professor Cracks Fifth Data Security Algorithm

  SHA-1 added to list of "accomplishments"

  Central News Agency

  Jan 11, 2007


  Associate professor Wang Xiaoyun of Beijing's Tsinghua University and
  Shandong University of Technology has cracked SHA-1, a widely used data
  security algorithm. (Daniel Berehulak/Getty Images)

  TAIPEI-Within four years, the U.S. government will cease to use SHA-1
  (Secure Hash Algorithm) for digital signatures, and convert to a new and
  more advanced "hash" algorithm, according to the article "Security
  Cracked!" from New Scientist . The reason for this change is that associate
  professor Wang Xiaoyun of Beijing's Tsinghua University and Shandong
  University of Technology, and her associates, have already cracked SHA-1.

  Wang also cracked MD5 (Message Digest 5), the hash algorithm most commonly
  used before SHA-1 became popular. Previous attacks on MD5 required over a
  million years of supercomputer time, but Wang and her research team
  obtained results using ordinary personal computers.

  In early 2005, Wang and her research team announced that they had succeeded
  in cracking SHA-1. In addition to the U.S. government, well-known companies
  like Microsoft, Sun, Atmel, and others have also announced that they will
  no longer be using SHA-1.

  Two years ago, Wang announced at an international data security conference
  that her team had successfully cracked four well-known hash algorithms-MD5,
  HAVAL-128, MD4, and RIPEMD-within ten years.

  A few months later, she cracked the even more robust SHA-1.

  Focus and Dedication

  According to the article, Wang's research focusses on hash algorithms.

  A hash algorithm is a mathematical procedure for deriving a 'fingerprint'
  of a block of data. The hash algorithms used in cryptography are "one-way":
  it is easy to derive hash values from inputs, but very difficult to work
  backwards, finding an input message that yields a given hash value.
  Cryptographic hash algorithms are also resistant to "collisions": that is,
  it is computationally infeasible to find any two messages that yield the
  same hash value.

  Hash algorithms' usefulness in data security relies on these properties,
  and much research focusses in this area.

  Recent years have seen a stream of ever-more-refined attacks on MD5 and
  SHA-1-including, notably, Wang's team's results on SHA-1, which permit
  finding collisions in SHA-1 about 2,000 times more quickly than brute-force
  guessing. Wang's technique makes attacking SHA-1 efficient enough to be
  feasible.

  MD5 and SHA-1 are the two most extensively used hash algorithms in the
  world. These two algorithms underpin many digital signature and other
  security schemes in use throughout the international community. They are
  widely used in banking, securities, and e-commerce. SHA-1 has been
  recognized as the cornerstone for modern Internet security.

  According to the article, in the early stages of Wang's research, there
  were other researchers who tried to crack it. However, none of them
  succeeded. This is why in 15 years hash research had become the domain of
  hopeless research in many scientists' minds.

  Wang's method of cracking algorithms differs from others'. Although such
  analysis usually cannot be done without the use of computers, according to
  Wang, the computer only assisted in cracking the algorithm. Most of the
  time, she calculated manually, and manually designed the methods.

  "Hackers crack passwords with bad intentions," Wang said. "I hope efforts
  to protect against password theft will benefit [from this]. Password
  analysts work to evaluate the security of data encryption and to search for
  even more secure 
 algorithms."

  "On the day that I cracked SHA-1," she added, "I went out to eat. I was
  very excited. I knew I was the only person who knew this world-class
  secret."

  Within ten years, Wang cracked the five biggest names in cryptographic hash
  algorithms. Many people would think the life of this scientist must be
  monotonous, but "That ten years was a very relaxed time for me," she says.

  During her work, she bore a daughter and cultivated a balcony full of
  flowers. The only mathematics-related habit in her life is that she
  remembers the license plates of taxi cabs.

  With additional reporting by The Epoch Times.

  --
  -----------------
  R. A. Hettinga <mailto: rah at ibuc.com>
  The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
  44 Farquhar Street, Boston, MA 02131 USA
  "... however it may deserve respect for its usefulness and antiquity,
  [predicting the end of the world] has not been found agreeable to
  experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
  _______________________________________________
  Clips mailing list
  Clips at philodox.com
  http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list