If you haven't yet, Stop using MD-5 and SHA-1 today

Cryptographers have found a way to snip a digital signature from one
document and attach it to a fraudulent document without invalidating
the signature and giving the fraud away.

The development means that attackers could potentially forge legal
documents, load certified software with bogus code, or turn a
digitally-signed letter of recommendation into one that authorises
access to private information.

Cracks in these hash functions first surfaced in August 2004 when
Xiaoyun Wang and colleagues at the Shandong University of Technology in
China demonstrated that two documents could be found that produced the
same hash under a hash function called MD-5.

In February 2005 Wang demonstrated the same thing – called a collision
– but with the US Government’s gold-standard algorithm SHA-1, which was considered more secure than MD-5.
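
Why a collision lets a signature be moved between documents, as an added example (not from the original post or the New Scientist article): a hash-then-sign scheme signs only the digest, so any two documents with the same digest share one valid signature. Assumptions: MD5 truncated to 24 bits stands in for a broken hash so a collision can be found by plain birthday search, the RSA key is an unpadded toy built from two Mersenne primes, and the document strings are constructed.

```python
import hashlib
from itertools import count

# Toy textbook RSA key from two Mersenne primes (no padding; illustration only).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def weak_hash(doc: bytes) -> bytes:
    """Stand-in for a broken hash: MD5 truncated to 24 bits (constructed weakness)."""
    return hashlib.md5(doc).digest()[:3]

def strong_hash(doc: bytes) -> bytes:
    """Full SHA-256 digest, for comparison."""
    return hashlib.sha256(doc).digest()

def sign(doc: bytes, h) -> int:
    """Hash-then-sign: the signature covers only the digest, never the document."""
    return pow(int.from_bytes(h(doc), "big"), D, N)

def verify(doc: bytes, sig: int, h) -> bool:
    """Accept if the signature opens to the digest of the presented document."""
    return pow(sig, E, N) == int.from_bytes(h(doc), "big")

def find_colliding_pair(h, table_size=1 << 14):
    """Birthday search for a benign/fraudulent pair with equal digests under h."""
    benign = {}
    for i in range(table_size):
        doc = b"Letter of recommendation for Alice. ref=%d" % i
        benign[h(doc)] = doc
    for j in count():
        doc = b"Grant Alice access to private records. ref=%d" % j
        if h(doc) in benign:
            return benign[h(doc)], doc

def demo():
    good, fraud = find_colliding_pair(weak_hash)
    sig_weak = sign(good, weak_hash)      # the signer only ever saw `good`
    sig_strong = sign(good, strong_hash)
    return {
        "docs_differ": good != fraud,
        "weak_sig_accepts_fraud": verify(fraud, sig_weak, weak_hash),
        "strong_sig_accepts_good": verify(good, sig_strong, strong_hash),
        "strong_sig_accepts_fraud": verify(fraud, sig_strong, strong_hash),
    }

if __name__ == "__main__":
    print(demo())
```

The verifier cannot tell the two documents apart under the weak hash because both reduce to the same digest; with SHA-256 the same signature is rejected for the second document.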

Read the full article at New Scientist.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek. http://linkedin.com/in/xavierashe

0 thoughts on “If you haven't yet, Stop using MD-5 and SHA-1 today”

  1. “The findings rattled cryptographers, but it was still not clear that malicious attackers would be able to exploit them. Although the collisions could be used to produce two documents with the same signature, there was no way to control the content of the documents.”
    Read the article before posting


  2. Ok, this has been around for a while, authentication algorithms have been known to be duplicated or replicated before but not fully manipulated. Also, some “independent security consultant” can tell me his opinion all he wants, when it boils down to it he can think whatever he wants.

