http://online.wsj.com/article_print/0,,SB111084838291579428,00.html
The Wall Street Journal
March 15, 2005
PAGE ONE
Crack in Computer Security Code Raises Red Flag
Obscure but Worrying Flaw
Compromises 'Fingerprint'
Widely Used on Internet
By CHARLES FORELLE
Staff Reporter of THE WALL STREET JOURNAL
March 15, 2005; Page A1
With worries about online security already at a high pitch, the discovery
of a crack in a widely used Internet encryption technique has raised
another red flag among government agencies and computer-code experts.
The technique, called a hash function, has been used for years by
Web-site operators to scramble online transmissions containing credit-card
information, Social Security numbers and other sensitive data. Hash
functions are at work, for instance, for most of the millions of
transactions that take place on the Internet every day. The system,
involving an algorithm, or mathematical formula, was thought to be
impenetrable.
But last month, a team of researchers from Shandong University in eastern
China began circulating a draft of a paper showing that a key hash function
used in state-of-the-art encryption could be less resistant to an attack by
hackers than had been thought.
Hash functions generate digital fingerprints, or hashes, of documents or
data. As with fingerprints, the uniqueness of the hash is what makes hash
functions a great tool for verifying the authenticity of information.
But the Chinese team found different pieces of data that yielded the same
hash when team members used a hash algorithm called SHA-1 -- and their
method generated the identical hash far more efficiently than experts
thought possible. SHA-1 is a federal standard promulgated by the National
Institute of Standards and Technology and used by the government and
private sector for handling sensitive information. It is thought to be the
most widely used hash function, and it is regarded as the state of the art.
Cryptographers say exploiting the flaw for malevolent purposes doesn't seem
practical, even using a lot of computer power. Hash functions are also
often used in conjunction with other cryptographic techniques, which
haven't shown any flaws. But if someone were to exploit the newfound flaw,
the most immediate threat would be to applications involving
authentication. A hacker theoretically could set up a dummy Web site that
appears to have the security credentials of a trusted, secure site -- and
then steal data that is shipped to this site by unsuspecting users.
Despite what are believed to be remote chances of abuse, the discovery has
set off alarms in the computer-security industry because it overturns a
bedrock belief about a popular encryption system. Our heads have been spun
around, says Jon Callas, chief technology officer at encryption supplier
PGP Corp. of Palo Alto, Calif. Everything is now topsy-turvy. PGP has
begun to replace SHA-1 in its programs.
Another provider of widely used security systems, RSA Security Inc. of
Bedford, Mass., is doing an inventory of its products to see how they use
SHA-1 with an eye toward phasing it out. (RSA makes the popular SecurID
cards used by many companies to ensure that only employees have remote
access to computer networks.) The National Institute of Standards and
Technology recommends not using SHA-1 in any new applications and is
instructing federal agencies to develop plans for removing it from existing
ones.
The Chinese team hasn't published its paper on SHA-1, but the flaw is
real, says Bruce Schneier, a cryptographer and chief technology officer
of Counterpane Internet Security Inc., who has seen a draft of the paper.
Academically, this is stunning work.
The Chinese researchers haven't caused panic yet, says Avi Rubin, a
computer-security expert at Johns Hopkins University. But it's definitely
a wake-up call.
The discovery follows recent research showing flaws in other hash
functions. And it comes at a time when information-security concerns have
been sharply heightened by problems not involving hash functions.
Recent breaches at data aggregators ChoicePoint Inc. and Reed Elsevier
PLC's LexisNexis exposed personal data on more than 100,000 Americans to
identity thieves. And a poorly designed online system allowed scores of
business-school applicants earlier this month to view decision letters
ahead of time.
Hash functions take a piece of data -- anything from an e-mail message to a
giant database file -- and generate a short string of ones and zeros, 160
of them in SHA-1, that functions as the datum's unique fingerprint. Nothing
else should generate the same hash, and a person in possession of only
the hash can't figure out what the e-mail said or what the database
contained.
Those properties make hash functions well-suited to authentication --
they are used to make sure the Web site to which you send money actually
belongs to, say, your bank or credit-card company -- not some rogue
operator out for a scam. Hash-function
