Cryptographers have found a way to snip a digital signature from one
document and attach it to a fraudulent document without invalidating
the signature and giving the fraud away.
The development means that attackers could potentially forge legal
documents, load certified software with bogus code, or turn a
digitally-signed letter of recommendation into one that authorises
access to private information.
Cracks in these hash functions first surfaced in August 2004 when
Xiaoyun Wang and colleagues at the Shandong University of Technology in
China demonstrated that two documents could be found that produced the
same hash under a hash function called MD-5.
In February 2005 Wang demonstrated the same thing – called a collision
– but with the US Government’s gold-standard algorithm SHA-1, which was considered more secure than MD-5.
Read the full article at New Scientist.