Hashes, Pigeon Holes and The Danger of Signing
Hashes cracked!
That's the headline I've been expecting to post for a while. Yet it still does not seem to be the cutting news it was expected to be.
Having said that, the Crypto '04 rump session has everybody looking at their reliance on hashes. While there may be some situations that will need watching, the developing consensus is that this is not a problem. Yet...
A hash maps inputs of any length onto a fixed-size output, so it will have collisions, hence the reference to pigeon holes in the title. What was disturbing about the crack was that these were not just random collisions: planned, goal-seeking maths was behind it (and lots of CPU time :). Time will no doubt bring out more insights, and it seems inevitable that some of the more relied-upon hash algorithms will be exposed as having weaknesses.
So it is not really gushing news, but the cut has been made and without attention it just may fester. Deserving enough of attention that I even decided to link to a much more widely viewed blog. Hashes may become unsafe!
This leads into the third part of my title: the danger of signing. Digital signatures play a very important part in today's and tomorrow's financial cryptography. Not all that long ago cypherpunks were pondering the danger of dual-use digital signatures; with the risk of hash compromise this becomes even more dangerous. That is, even if you are inspecting what you are signing, there is now the possibility of a deliberately modified substitute message that hashes to the same value (signatures are computed over the message hash, not over the message itself), so your signature on the one is equally a signature on the other. This will not affect signing purely for authentication, but may cause some severe re-evaluation for authorizations.
New and better techniques, ongoing development in the field of cryptography and a hopefully sufficient time gap between flaw discovery and practical exploitation should keep everything ticking. The lesson, if indeed there is one, is to never assume any one piece is unbreakable. Not only careful coding is required, but care in the whole crypto-system. For example, by implementing an intelligent scan of the plaintext prior to signing its hash, and treating that signature as valid only if the plaintext conforms to those standards, sneaking in a malicious text that matches the hash becomes that much harder.
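To make the two points above concrete (a signature over a hash is a signature over every message with that hash, and a plaintext policy check in front of the signer narrows the attacker's room), here is an added example that is not from the original post. It models a weakened hash by truncating SHA-256 to 24 bits so a birthday search finds collisions in seconds on a laptop; it says nothing about how any real hash was broken. The HMAC "signature", the `PAY ... TO ...` grammar, the key and all message bytes are constructed for the demonstration.

```python
from __future__ import annotations

import hashlib
import hmac
import re

# Constructed model, not a real attack: SHA-256 truncated to 24 bits stands in
# for a hash whose collisions have become cheap. At this size a birthday search
# needs only a few thousand attempts, so the whole demonstration runs offline.
HASH_BITS = 24

# Hypothetical signing policy: the only documents this signer may ever sign.
APPROVED_GRAMMAR = re.compile(rb"^PAY [0-9]{1,6} TO [A-Z]+$")


def weak_digest(message: bytes) -> bytes:
    """Truncated digest standing in for a collision-prone hash."""
    return hashlib.sha256(message).digest()[: HASH_BITS // 8]


def sign(key: bytes, message: bytes) -> bytes:
    """Hash-then-sign: the signature binds the digest, never the message itself.
    An HMAC under a shared key stands in for a public-key signature here; the
    dependence on the hash that is being demonstrated is the same."""
    return hmac.new(key, weak_digest(message), hashlib.sha256).digest()


def verify(key: bytes, message: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(key, message), signature)


def find_collision(benign: bytes, malicious: bytes) -> tuple[bytes, bytes]:
    """Birthday search: append a varying suffix to two different documents until
    their truncated digests coincide. Returns (benign_variant, malicious_variant)."""
    seen: dict[bytes, tuple[bytes, bytes]] = {}
    counter = 0
    while True:
        for base in (benign, malicious):
            doc = base + b" #" + str(counter).encode()
            d = weak_digest(doc)
            if d in seen and seen[d][0] != base:
                other = seen[d][1]
                return (doc, other) if base == benign else (other, doc)
            seen[d] = (base, doc)
        counter += 1


def sign_with_policy(key: bytes, message: bytes) -> bytes:
    """The mitigation from the post: inspect the plaintext and refuse to sign
    anything outside the approved grammar, so the free-form suffix a collision
    search relies on never reaches the signer."""
    if not APPROVED_GRAMMAR.fullmatch(message):
        raise ValueError("refusing to sign: message does not conform to policy")
    return sign(key, message)


def demonstrate(key: bytes) -> dict[str, bool]:
    benign, malicious = find_collision(b"PAY 100 TO ALICE", b"PAY 999999 TO MALLORY")
    signature = sign(key, benign)  # the signer read and approved `benign`
    clean = b"PAY 100 TO ALICE"
    results = {
        "digests_equal": weak_digest(benign) == weak_digest(malicious),
        "substitute_verifies": verify(key, malicious, signature),
        "policy_blocks_variant": False,
        "policy_signs_clean": verify(key, clean, sign_with_policy(key, clean)),
    }
    try:
        sign_with_policy(key, benign)  # even the 'benign' variant carries junk
    except ValueError:
        results["policy_blocks_variant"] = True
    return results


if __name__ == "__main__":
    for name, value in demonstrate(b"constructed-demo-key").items():
        print(f"{name}: {value}")
```

The grammar check is a compensating control, not a cure: it removes the cheap trick of appending arbitrary bytes, but an attacker confined to conforming messages still has a message space far larger than the 2^24 digests of this toy hash. Once a hash is known to be collision-prone, the durable fix is to replace it and re-sign, and to treat any authorization signed under it before the change with suspicion.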
Overall, the threat is still a way off. New systems should, however, take note and beware.