WhatTheHash? We need new algorithms.

From What The Wiki?!


Hashing the Longhorn

Lecture in tent 2 at 21:00-22:00

Speaker: Rüdiger Weis / Cryptolabs Amsterdam

Rüdiger, a mathematician and cryptanalyst from the University of Amsterdam, spoke about the insecurity of today's hash algorithms such as MD5 and SHA-1 and about their use in modern TPM chips (Trusted Platform Module).

If everything went the way the Trusted Computing Group (TCG) wants, every computer would be delivered with a TPM. For Rüdiger this means giving away control of your own computer. And this will not only be possible in MS-Windows with NGSCB (Next Generation Secure Computing Base): Apple plans to use the TPM in its upcoming Intel Macs, too. Rüdiger calls on everyone to convince Apple not to implement it. It is mostly useless anyway, because the TPM relies on the insecure hash algorithms mentioned before.

MD5 is damaged and broken already, and SHA-1 is mathematically broken, too: one needs only 2^69 operations to find a collision of SHA-1 hashes, far below the 2^80 a generic birthday attack on a 160-bit hash would cost. This is feasible for modern computers and could be done in reasonable time with an investment of around 250K Euros. Warnings against using SHA-1 have been given every year since 2002, e.g. in the CCCongress talks, but the algorithms are still used in everyday applications. X.509 certificates, for example, are in real trouble, but so are OpenPGP, S/MIME, IPSec and SSH. Rüdiger would prefer to bet on the virginity of Britney Spears than on the security of SHA-1. The 160 bits of the hash are not enough anymore. For now we should use the SHA-256 algorithm and its sisters SHA-384 and SHA-512, but in the long term we need a new hash.
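To make the talk's "mathematically broken" concrete, here is a small added Python example (not part of the talk or the wiki page). It compares the generic birthday bound of each digest size with the 2^69 figure quoted above, and shows a hashing helper that refuses MD5 and SHA-1 in favour of the SHA-2 family the speaker recommends. The function and constant names are this example's own, and the 2^69 attack cost is taken as given from the talk.

```python
import hashlib

# Hash functions the talk calls broken (MD5) or mathematically broken (SHA-1).
LEGACY = {"md5", "sha1"}
# The SHA-2 family the talk recommends "for now".
RECOMMENDED = {"sha256", "sha384", "sha512"}

# Best known collision attack cost (log2 operations) quoted in the talk.
SHA1_ATTACK_LOG2 = 69


def birthday_bound_bits(digest_bits: int) -> int:
    """log2 of the work a generic birthday attack needs to find a collision
    for an ideal hash of the given output size (n/2 bits)."""
    return digest_bits // 2


def attack_margin_bits(digest_bits: int, best_attack_log2: int) -> int:
    """How far below the generic birthday bound the best known attack sits.
    A positive margin is what 'mathematically broken' means: a structural
    weakness lets the attacker beat the bound an ideal hash would give."""
    return birthday_bound_bits(digest_bits) - best_attack_log2


def digest_hex(data: bytes, algo: str) -> str:
    """Hash data with a recommended algorithm; refuse the legacy ones so a
    configuration knob cannot quietly select MD5 or SHA-1."""
    algo = algo.lower()
    if algo in LEGACY:
        raise ValueError(f"{algo} is broken; use one of {sorted(RECOMMENDED)}")
    if algo not in RECOMMENDED:
        raise ValueError(f"unsupported algorithm: {algo}")
    return hashlib.new(algo, data).hexdigest()


def summary() -> dict:
    """Map each algorithm name to (digest bits, generic collision work in bits)."""
    rows = {}
    for name in sorted(LEGACY | RECOMMENDED):
        bits = hashlib.new(name).digest_size * 8
        rows[name] = (bits, birthday_bound_bits(bits))
    return rows


if __name__ == "__main__":
    for name, (bits, bound) in summary().items():
        print(f"{name:7s} {bits:4d}-bit digest, generic collision ~2^{bound}")
    # SHA-1: the quoted 2^69 attack is 2^11 times cheaper than the 2^80 bound.
    print("sha1 attack margin:", attack_margin_bits(160, SHA1_ATTACK_LOG2), "bits")
    # Constructed sample input; only the recommended algorithms are accepted.
    print(digest_hex(b"abc", "sha256"))
```

Running it prints the digest sizes and generic bounds for all five algorithms, then an 11-bit margin for SHA-1, which is the gap between the ideal 2^80 and the 2^69 the talk cites. The `digest_hex` helper is the defensive pattern: make the legacy names fail loudly rather than leaving them selectable.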
