On August 17, 2004, the international cryptography conference CRYPTO 2004, held in Santa Barbara, California, scheduled three special reports on hash functions. After the internationally famous cryptographers Eli Biham and Antoine Joux presented their analysis of SHA-1 and gave a collision for SHA-0, Professor Wang Xiaoyun of Shandong University reported on breaking the MD5, HAVAL-128, MD4 and RIPEMD algorithms. When she announced the results against the MD-series algorithms, the hall broke into excited applause. Professor Wang Xiaoyun's report caused a sensation in the audience and won the admiration of the participating experts. At the end of the report the participants applauded warmly and some scholars stood in tribute, which is rare at a cryptography conference. Why did Wang Xiaoyun's report cause such a big response? Because her research result, a major discovery in cryptography, brought down MD5, a fortress among the world's cryptographic standards, and sent shock waves through the cryptography community. The conference summary report put it this way: "What should we do? MD5 has been hit; it is about to be eliminated from applications. SHA-1 is still alive, but its end is already in sight. It is time to start replacing SHA-1."
Keywords: collision = vulnerability = others can forge and use digital signatures.
Hash functions and digital signatures (digital fingerprints)
A hash function is a cryptographic algorithm with wide and important applications in information security, where it plays the role of a fingerprint. In network security protocols, hash functions are used in processing electronic signatures: they compress a lengthy file to be signed into a short, unique piece of digital information, guaranteeing the legitimacy and security of the original signed file in the way fingerprint authentication does. SHA-1 and MD5, mentioned above, are the most commonly used hash functions. After processing by these algorithms, changing even a single letter of the original information produces a completely different "fingerprint". This guarantees the uniqueness of the processed information and provides digital authentication for e-commerce.
A secure hash function must satisfy two requirements by design. First, finding two inputs that produce the same output value must be computationally infeasible, which is what we usually call collision resistance. Second, finding an input that produces a given output must be computationally infeasible, i.e. the initial state cannot be derived from the result. Important computer security protocols in use today, such as SSL and PGP, use hash functions for signing; once two files that produce the same digest can be found, signatures can be forged, which would do enormous harm to network security.
MD5 is just such a hash function, widely used at home and abroad and once considered very safe. However, Professor Wang Xiaoyun found that MD5 "collisions", that is, two files producing the same "fingerprint", can be found quickly. This means that after you sign a contract on the Internet, someone may be able to find another contract with the same signature but different content, so that the genuine contract cannot be told from the false one. Professor Wang Xiaoyun's research confirmed that using the MD5 algorithm seriously threatens information system security, and the discovery challenges the legal validity and technical basis of current electronic signatures. For this reason, industry experts such as Princeton computer science professor Edward Felten have strongly urged information systems to replace their signature algorithms as soon as possible, and they stress that this is a problem that needs to be resolved immediately.
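The forgery scenario described above, as an added example that is not part of the original article: a hash-then-sign scheme signs only the digest, so two contracts with the same digest share one signature. To finish in seconds it assumes a constructed 24-bit toy digest (truncated SHA-256) and an HMAC standing in for the signature primitive, and it uses a generic birthday search rather than Professor Wang's technique; all function names are illustrative.

```python
import hashlib
import hmac

DIGEST_BYTES = 3  # constructed 24-bit toy digest; real MD5 outputs 16 bytes


def toy_digest(message: bytes) -> bytes:
    """Truncated SHA-256, standing in for a hash whose collisions are cheap."""
    return hashlib.sha256(message).digest()[:DIGEST_BYTES]


def sign(key: bytes, message: bytes) -> bytes:
    """Hash-then-sign: the signing primitive only ever sees the digest."""
    return hmac.new(key, toy_digest(message), hashlib.sha256).digest()


def verify(key: bytes, message: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(key, message), signature)


def find_colliding_contracts(benign: bytes, altered: bytes,
                             table_size: int = 1 << 13,
                             max_trials: int = 1 << 18):
    """Birthday search: vary a trailing reference number on each contract
    until one benign variant and one altered variant share a digest."""
    table = {}
    for i in range(table_size):
        variant = benign + b" Ref:%d" % i
        table[toy_digest(variant)] = variant
    for j in range(max_trials):
        variant = altered + b" Ref:%d" % j
        match = table.get(toy_digest(variant))
        if match is not None:
            return match, variant
    raise RuntimeError("no collision found within max_trials")


def demo():
    key = b"constructed-signing-key"  # sample key, constructed for the demo
    benign = b"Contract: Alice pays Bob 100 USD."
    altered = b"Contract: Alice pays Bob 100000 USD."
    signed_doc, forged_doc = find_colliding_contracts(benign, altered)
    signature = sign(key, signed_doc)  # the signer approves the benign text
    return signed_doc, forged_doc, verify(key, forged_doc, signature)


if __name__ == "__main__":
    a, b, accepted = demo()
    print(a, b, "altered contract accepted:", accepted, sep="\n")
```

With the full 256-bit digest the same search is computationally infeasible, which is why the remedy is a longer, unbroken hash function rather than a change to the signing step.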
On the international podium, Wang's discovery stuns the audience
Faced with significant research progress on hash functions, Jim Hughes, general chair of the CRYPTO 2004 conference, said that morning that the news was so important that he had organized the first webcast in the conference's 24 years. Hughes announced at the meeting: "The conference will present three research reports on hash collisions." One of them was the finding of Wang Xiaoyun and several other Chinese researchers. On the evening of the 17th, Professor Wang Xiaoyun presented her research results at the conference. The paper was written by four authors, Wang Xiaoyun, Feng Dengguo, Lai Xuejia and Yu Hongbo, and covers the breaks of four well-known hash algorithms: MD5, HAVAL-128, MD4 and RIPEMD. When Professor Wang Xiaoyun had announced only as far as their third astonishing result, the hall was already thundering with applause and the report had to be interrupted. After the report, the experts gave their outstanding work prolonged applause, and some scholars even stood up to show their congratulations and admiration. As the applause died down, Professor Lai Xuejia added a rather interesting remark about the paper. Because of a version issue, the set of constants the authors had used for the conference paper differed from the prevailing standard; after the problem was discovered at the conference, Professor Wang Xiaoyun immediately changed the constants and completed the new data analysis in a short time. This unexpected little episode only further demonstrated the credibility of the paper and the effectiveness of the attack method, and underlined the success of the research. At the end of the session, many experts gathered around Professor Wang Xiaoyun for brief discussions and offered sincere congratulations and words of praise. They included R. L. Rivest and A. Shamir, principal founders of public-key cryptography, who also expressed their delight and congratulations.
International cryptography experts spoke very highly of Professor Wang Xiaoyun.
R. Rivest, the designer of MD5 and the first-named designer of the internationally known public-key encryption standard RSA, wrote in an email: "These results are undoubtedly very impressive, and she deserves my best congratulations. Of course, I don't want to see MD5 fall, but people must respect the truth."
Francois Grieu said this: "The latest results of Wang Xiaoyun, Feng Dengguo, Lai Xuejia and Yu Hongbo show that they have successfully broken MD4, MD5, HAVAL-128 and RIPEMD-128, and they expect to complete an attack on SHA-0 with lower complexity. Some preliminary problems have been resolved. They won very warm applause."
Another expert, Greg Rose, gave this assessment: "I have just listened to the reports by Joux and Wang Xiaoyun. The technique Wang uses takes 2^40 hash operations for any initial value. In her report she gave collisions for four hash functions. She received a prolonged standing ovation (the first time I can remember this happening). ... She is a hidden hero of today's cryptography. ... Although (Professor Wang Xiaoyun's) technique has not been made public, the results leave no doubt that this technique does exist. ... I was sitting in front of Ron Rivest, and I heard him comment: 'We have to do a lot of rethinking.'"
Earth-shattering: the MD5 fortress comes crashing down
One stone stirred up a thousand waves: the breaking of MD5 provoked a fierce response from the cryptography community. Experts called it "the most substantive research progress" in cryptography in recent years, and cryptography-related websites competed to report this astonishing breakthrough.
Dedicated MD5-cracking website shuts down
The authoritative MD5-cracking project website http://www.md5crk.com/ was set up to recruit the public specifically for attacks on MD5. On August 17, 2004 the website announced: "Chinese researchers have discovered collisions in the complete MD5 algorithm; Wang, Feng, Lai and Yu have announced collisions for the MD5, MD4, HAVAL-128 and RIPEMD-128 hash functions. This is the most substantive research progress in the field of cryptography in recent years. Using their technique, MD5 collisions can be found within a few hours. ... Because of this milestone discovery, the MD5CRK project will end within 48 hours." The http://www.readyResponse.org homepage reprinted this report, and http://www.aspenLeaf.com/distribute/distrib-Recent.html and several other websites also reported it.
Authoritative websites successively published reviews or reports on this major research result
According to statistics, within two weeks nearly 400 websites had published, cited or commented on this result. Many news websites in China also reported this major event in academic cryptography under the title "Running Algorithm Security Encryption Function". (For the report see http://www.technewsworld.com/perl/board/mboard.pl?board=lnitalkback&thread=895&tview=896&display=1&tview=Expanded&mView=flat; the item was reproduced many times across news websites.)
Eastern charm: the MD5 terminator comes from China
Professor Wang Xiaoyun, the leading member of the team that broke MD5, is a thin, sturdy woman whose thick lenses reveal a mathematician's mind. She studied under the famous mathematician Pan Yutong at Shandong University in 1990, and under the guidance of well-known teachers including the famous mathematician Pan Chengdong (Mr. Pan), Yu Xiyuan and Shi Tao she successfully applied her mathematics to cryptography. At the university she has obtained many outstanding results, received funding from the 863 Program and National Natural Science Foundation projects, won one ministry-level science and technology progress award, and written more than 20 papers. Professor Wang Xiaoyun began research on hash functions at the end of the 1990s. She led a cryptography group made up of her students Yu Hongbo, Wang Meiqin, Sun Qiuxi, Feng Yi and others, in collaboration with Professor Feng Dengguo, Shanghai Jiao Tong University and other well-known scholars. After long and persistent effort, they found the key techniques for breaking hash functions and successfully broke MD5 and several other hash functions.
In recent years her work has been strongly supported by Shandong University and its School of Mathematics, which made a special investment in building an information security laboratory. Professor Huntao of Shandong University attaches great importance to Professor Wang Xiaoyun's research results. In June 2004, after the leaders of Shandong University heard Professor Wang Xiaoyun present her work, President Yoshao personally issued invitations to well-known domestic information security experts to attend the "Shandong University Information Security Research Seminar". Professor Liu Jianya of the School of Mathematics organized and chaired the meeting, at which Professor Wang Xiaoyun announced a series of research results on MD5 and other algorithms. The experts fully affirmed her results and praised the team's persistent attitude to research. One academician said that her research was definitely no worse than the international level. This academician's conclusion was borne out at the international cryptography conference a month later; such a strong response from foreign experts shows that our work is not merely no worse than the international level but ahead of it in breaking hash functions. Earlier, CertainKey of Canada had announced that the first person to find a collision in the MD5 algorithm would be given a reward. CertainKey's original intention was to use parallel computers to find collisions through birthday attacks, whereas Professor Wang Xiaoyun's method requires less computation time.
Digital authentication: your future is not a dream
The breaking of MD5 has triggered a major debate over whether MD5 products can still be used. On the personal forum of Professor Jeffrey I. Schiller of the Massachusetts Institute of Technology, many cryptographers have posted valuable comments in the debate titled "Bad Day at the Hash Function Factory" (http://jis.mit.edu/pipermail/saag/2004q3/000913.html). Jim Hughes of this international cryptography conference commented: "I believe this (the break of MD5) is true, and if collisions exist, HMAC is no longer safe, ... I think we should throw out MD5." Hughes advised programmers that it is best to start abandoning MD5. He said: "Now that the weakness of this algorithm has been exposed, it is time to move away from it, before an effective attack is launched." Similarly, the personal website of Princeton professor Edward Felten (http://www.freedom-to-tinker.com/archives/000664.html) carries similar comments. He said: "What are we left with? MD5 has been seriously wounded; its use is to be phased out. SHA-1 is still alive, but it will not be for long; SHA-1 must be replaced right away, but with which algorithm is something that requires a consensus among cryptography researchers."
Cryptographer Markku-Juhani said: "This is an exciting moment for the field of hash function analysis." (http://www.tcs.hut.fi/~mjos/md5/)
And Val Henson, a Linux expert at the famous computer company Sun, said: "We used to say 'SHA-1 can be considered safe; the others are either unsafe or unknown.' Now we can only conclude: 'SHA-1 is not safe, and the others are all finished.'"
In response to the reports on breaking hash algorithms, chief among them Professor Wang Xiaoyun's, the US National Institute of Standards and Technology (NIST) issued a special comment on August 24, 2004. Its main content: "At the recent international cryptography conference (CRYPTO 2004), researchers announced that they had found methods for breaking several hash algorithms, including MD4, MD5, HAVAL-128, RIPEMD and SHA-0. Analysis shows that a modified variant of SHA-1, the algorithm that in 1994 replaced SHA-0 as a federal information processing standard, can be broken; but the complete SHA-1 has not been broken, and no SHA-1 collision has been found. The research results show that there is no problem with the security of SHA-1. However, as technology develops, NIST plans to phase out SHA-1 before 2010 in favor of other longer and more secure algorithms (such as SHA-224, SHA-256, SHA-384 and SHA-512)."
For the detailed comments, see: http://csrc.nist.gov/hash_standards_comments.pdf