 |
Java开发网 |
|
注册 |
登录 |
帮助 |
搜索 |
排行榜 |
发帖统计
|
| 您没有登录 |
» Java开发网 » Java Security
 打印话题
寄给朋友
订阅主题
|
    
|
| 作者 | 演算法安全加密功能露破绽 密码学界一片哗然 |
helloworld
 
发贴: 0 积分: 0 
|
 于 2004-08-19 14:16
    
上周四(12日)法国电脑科学家Antoine Joux宣布,已在常用的一种演算法中,找到一个弱点;这种演算法称为“MD5”(讯息摘要5),常搭配数字签名(digital signature)使用。紧接着,四位中国研究员发布报告指出,有办法破解另一种称为“SHA-0”(安全杂凑演算法0)的演算法。 虽然这些只是初步的研究结果,但新的发现到头来可能让有心人士更轻易在电脑程序中植入不容易察觉的后门,或伪造电子签名——除非改用不同的、更安全的演算法。 第三个可能更具爆炸力的宣布,订于周二(17日)晚间在加州圣塔芭芭拉举行的Crypto 2004会议上发布。 以色列科技研究所研究员EliBiham和Rafi Chen原本计划在会中发布报告,指出几种破解“SHA-0”演算法安全功能的方法。现在,他们打算在会议中进一步谈论有关“SHA-1”演算法的“劲爆消息”。这场会议订于太平洋夏令时间17日晚间7时开始。 “SHA-0”不完美,是己知的事实;但若“SHA-1”发现重大弱点,视细节而定,可能震撼电脑安全界。 目前被奉为同级演算法中的圭臬,“SHA-1”嵌入诸如加密软件(PGP)和安全插座层协定(SSL)等使用广泛的程序中。“SHA-1”已获美国标准与技术研究院(NIST)的认证,而且是唯一获准用于美国政府“数字签名标准”的签名演算法。“SHA-1”产生160位的数字与字串,长度比MD5产生的128位更长,因此被视为更安全。 Crypto 2004会议总主席Storage Tek高级研究员Jim Hughes 17日早晨表示,此讯息太重要了,因此他已筹办该会成立24年来的首次网络广播(Webcast)。在传至加密学相关邮件清单的投书中,Hughes透露:“会中将提出三份探讨杂凑冲撞(hash collisions)重要的研究报告。”其中一份是Joux的研究发现。 接受电话访问时,Hughes说:“若你发现,有两份合同经杂凑处理的数字签名相同,你大可用甲合同替代乙合同。闹上法庭时,哪一份才是有效的合同,至少有个灰色地带。那种可能性极高。” 不论是“MD5”、“SHA-0”或“SHA-1”演算法,都使用电脑科学家所谓的杂凑函数(hashfunctions)。运用这些演算法,可把电子邮件讯息乃至操作系统核心等各式各样的信息内容混杂起来,产生理论上应是独一无二的指纹档(fingerprint)。原始信息内容稍有改变,即使只更动一个字母,再使用一次演算法后产生的指纹档也会截然不同。 安全应用程序的防护机制是建筑在指纹档的独一无二性之上。万一某个不怀好意的黑客有办法以不同的信息内容产生相同的指纹档,则那个复制指纹档——即“杂凑冲撞”(hash collision)——就会把被植入后门的软件确认为安全无虞,可供使用者下载和执行。这么一来,有心人士便可趁机假冒电子邮件签名,指示把某人的银行帐户搬空。 研究员长久来就知道,没有一种可实际使用的加密演算法是绝对安全的;他们所能做的,是设法设计出一种需要旷日废时方能复制指纹档的演算法。“SHA-1”被视为安全可靠,系因研究员相信,运用目前已知的技巧,不可能刻意制造出杂凑冲撞。 但若是“SHA-0”潜在的弱点也出现在“SHA-1”之中,那意味复制出指纹档的速度可加快大约5亿倍——若把一堆高速个人电脑连结成网,有能力达此目标。 “MD5”演算法的弱点是更迫在眉睫的威胁。开放源代码的Apache网络服务器产品使用“MD5”杂凑,以确保数十个映像网站上的源代码不被窜改,可安全执行。Sun Solaris Fingerprint Database也采用相同的杂凑演算法技术。 近日来被揪出的“MD5”弱点,意味黑客可能在数小时之内用标准个人电脑产生出杂凑冲撞。但要编写特定的后门程序,再覆以相同的杂凑冲撞,则可能更费时。 话虽如此,Hughes建议,程序设计人员最好开始舍弃“MD5”。他说:“既然现在这种演算法的弱点已暴露出来,在有效的攻击发动之前,现在是撤离的时机。” 源自:ZDNET http://software.silicon.com/malware/0,3800003100,39123260,00.htm Digital signatures could be forged, claim boffins August 18 2004 by Declan McCullagh Weakness exposed in the mathematical algorithms … Encryption circles are buzzing with news that weaknesses in the mathematical functions of digital signatures could allow them to be forged. French computer scientist Antoine Joux first claimed to have uncovered a flaw in a popular algorithm called MD5, often used with digital signatures. Then four Chinese researchers released a paper that reported a way to circumvent a second algorithm, SHA-0. While their results are preliminary, these discoveries could eventually make it easier for intruders to insert undetectable back doors into computer code or to forge an electronic signature - unless a different, more secure algorithm is used. A third announcement, which was even more anticipated, took place on Tuesday evening at the Crypto 2004 conference in California. Eli Biham and Rafi Chen, researchers at the Israel Institute of Technology, originally were scheduled to present a paper identifying ways to assail the security in the SHA-0 "Secure Hash Algorithm," which was known to have imperfections. In a presentation on Tuesday evening, however, Biham reported some early work toward identifying vulnerabilities in the SHA-1 algorithm, which is believed to be secure. Biham's presentation was very preliminary, but it could call into question the long-term future of the wildly popular SHA-1 algorithm and spur researchers to identify alternatives. Currently considered the gold standard of its class of algorithms, SHA-1 is embedded in popular programs like PGP and SSL. It's certified by the National Institute of Standards and Technology and is the only signing algorithm approved for use in the US government's Digital Signature Standard. SHA-1 yields a 160-bit output, which is longer than MD5's 128-bit output and is considered more secure. Jim Hughes, general chairman of the Crypto 2004 conference, said on Tuesday morning that the news was sufficiently important that he was organising the first Webcast in the conference's 24-year history. "There are three significant rump session papers on hash collisions that will be presented," including an update on Joux's findings, Hughes said in a message to a cryptography-related mailing list. "If you could find two contracts that hash out to the same signature, you could replace one with the other and in a court of law there would be at least an ambiguity about which one is valid," Hughes, a senior fellow at StorageTek, said in a telephone interview. "That's a very significant possibility." The MD5, SHA-0, and SHA-1 algorithms are known to computer scientists as hash functions. They take all kinds of input, from an email message to an operating-system kernel, and generate what's supposed to be a unique fingerprint. Changing even one letter in the input file results in a completely different fingerprint. Security applications rely on these fingerprints being unique. But if a malicious attacker could generate the same fingerprint with a different input stream, the cloned fingerprint - known as a hash collision -- would certify that software with a back door is safe to download and execute. It would help a crook who wanted to falsely sign an email instructing that someone's bank account be emptied. Declan McCullagh writes for CNET News.com |
| 作者 | Re:演算法安全加密功能露破绽 密码学界一片哗然 [Re:helloworld] |
Jove
CJSDN高级会员 
发贴: 1228 积分: 194
|
于 2004-08-19 15:55
恐慌 |
| 作者 | Re:演算法安全加密功能露破绽 密码学界一片哗然 [Re:helloworld] |
menzy
版主 
发贴: 754 积分: 113
|
于 2004-08-26 07:39
昨天看见了,只怕美国的电子签名法案要修改了 |
| 作者 | Re:演算法安全加密功能露破绽 密码学界一片哗然 [Re:helloworld] |
rainman
阿熊 元老 
发贴: 5644 积分: 454
|
于 2004-08-26 08:44
Jute就没用MD5做加密算法. 先见之明啊. ---- "加密算法码用得人多了, 自然就会有破解办法" |
| 作者 | Re:演算法安全加密功能露破绽 密码学界一片哗然 [Re:helloworld] |
guru
发贴: 131 积分: 53
|
于 2004-09-22 01:17
oh! a really big news! |
| 作者 | Re:演算法安全加密功能露破绽 密码学界一片哗然 [Re:helloworld] |
|
urfrog
发贴: 1 积分: 0
|
于 2004-12-09 17:46
MD5?
urfrog edited on 2004-12-09 17:53
|
|
|
已读帖子 新的帖子 被删除的帖子 |
|
 |
Powered by Jute Powerful Forum® Version Jute 1.5.6 Ent Copyright © 2002-2021 Cjsdn Team. All Righits Reserved. 闽ICP备05005120号-1 客服电话 18559299278 客服信箱 714923@qq.com 客服QQ 714923 |