Industry experts agree that the future of two widely used security algorithms is fated, but with no clear alternatives in sight, products that rely on them may have to remain 'good enough' for some time.
GAITHERSBURG, Md. - Industry experts agree that the future of two widely used security algorithms is fated, but with no clear alternatives in sight, products that rely on them may have to remain "good enough" for some time.
Secure Hash Algorithm-1 (SHA-1) and Message Digest 5 (MD5 ) were the topics of much discussion at the National Institute of Standards and Technology's Cryptographic Hash Workshop held last week. Both are hash functions developed in the early 1990s that generate unique strings of values most often used for encrypting and decrypting digital signatures, and both have been exposed as vulnerable within the past year. Products and services from companies such as IBM, Adobe and VeriSign rely on digital certificates to verify sender and receiver identities.
"SHA-1 is a wounded fish in shark-infested waters, but I'm more worried about MD5 because it's used everywhere," said Niels Ferguson, a cryptographer with Microsoft. "Try to switch away from SHA-1 as quickly as you can, but switch away from MD5 first," he said, when asked what his recommendations were.
About a year ago, "collisions" with MD5 came to light. Collisions occur when two messages have the same hash value, which compromises the authentication of the messages. In February, similar findings were unveiled regarding SHA-1. In the latter case, the collision was not actually performed, but research scientists at a Chinese university highlighted the vulnerability by describing how such an occurrence could be constructed.
Because actual collisions have occurred with MD5, many presenters at the conference dismissed the algorithm as compromised. Ferguson told the story of a man in Australia who was fighting a traffic violation in court and argued that the evidence against him was invalid because the traffic camera used MD5, which is considered a broken algorithm. The judge threw the case out, Ferguson said.
Much of the conference's discussion focused on potential fixes or replacements for SHA-1, but one presenter warned that new hash functions won't emerge for a while. "SHA-1 needs to be replaced, but that replacement isn't known yet, and it's going to take years to develop," said Steven Bellovin, a professor at Columbia University.
In the meantime, debate continues over whether SHA-1 should still be used at all. Participants in the recommendations panel agreed that users should not include SHA-1 in new projects, but that continued use of existing products may be unavoidable.
As members of the audience pointed out, hardware and software will need to be updated with new or enhanced algorithms replacing SHA-1, which is time-consuming and expensive. Users also need to be convinced to migrate to products that use new algorithms, which can take years to achieve.
"It's practical to continue to use SHA-1, but be very aware and do a lot of planning for the next algorithm," said James Randall, manager of cryptographic algorithms and standards at RSA Security.
Learn more about this topicResearchers find security flaw in SHA-1 algorithm
02/16/05Security's inseparable couple