Vulnerable Security Algorithms Raise Concerns

Industry experts agree that the future of two widely used securityalgorithms is fated, but with no clear alternatives in sight productsthat rely on them may have to remain good enough for some time.

Secure Hash Algorithm-1, or SHA-1, and Message Digest 5, or MD5, werethe topics of much discussion at the National Institute of Standardsand Technology (NIST)’s Cryptographic Hash Workshop held Monday. Bothare hash functions developed in the early 1990s that generate uniquestrings of values used most often for encrypting and decrypting digitalsignatures, and both have been exposed as vulnerable within the pastyear.

SHA-1 is a wounded fish in shark-infested waters, but I’m more worriedabout MD5 because it’s used everywhere, said Niels Ferguson, acryptographer with Microsoft. Try to switch away from SHA-1 as quicklyas you can, but switch away from MD5 first, he said when asked whatrecommendations he has regarding the algorithms during a panel at theconference.

About a year ago, collisions with MD5 came to light. Collisions occurwhen two messages have the same hash value, which compromises theauthentication of the messages. In February, similar findings wereunveiled regarding SHA-1. In the latter case, the collision was notactually performed, but research scientists at a Chinese universityhighlighted SHA-1’s vulnerability by describing how such an occurrencecould be constructed.

Since actual collisions have been achieved with MD5, many presenters atthe conference seemed to already dismiss the algorithm as compromised.Microsoft’s Ferguson told the story of a man in Australia who wasfighting a traffic violation in court and argued that the evidenceagainst him was invalid because the traffic camera used MD5, which isconsidered a broken algorithm. The judge throw out the case, Fergusonsaid.

Much of the conference discussions focused on potential fixes orreplacements for SHA-1, but one presenter warned that new hashfunctions wouldn’t emerge for quite a while. SHA-1 needs to bereplaced, but that replacement isn’t known yet, and it’s going to takeyears to develop, said Steven Bellovin, a professor at ColumbiaUniversity.

In the meantime, debate continues over whether SHA-1 should still beused at all. Participants of the recommendations panel during theconference agreed that users should not include SHA-1 in any newprojects, but that continued use of existing products may beunavoidable. As members of the audience pointed out, hardware andsoftware will need to be updated with new or enhanced algorithms toreplace SHA-1, and that’s timely and expensive. And users need to beconvinced to migrate to products that use new algorithms, which cantake years to achieve.

It’s practical to continue to use SHA-1, but be very aware and do a lotof planning for the next algorithm, recommended James Randall, managerof cryptographic algorithms and standards at RSA Security. Panelmembers suggested buying products that can work with a number ofdifferent algorithms.

By Cara Garretson – Network World (US online)