Time for the next wave of hashing functions?

As Eli just blogged, it appears as though the vultures are circling some of the current hashing algorithms - MD4, MD5, and now SHA1.

This weekend on the Readify in-house tech-list we've been having quite a lengthy in-house discussion about this topic and what it means exactly for the immediate future.  It was a pretty lively thread and generated quite a bit of interest.

I'd really suggest that, as front-line people who will get asked about this stuff over the next 6-12 months by customers that it's important to spend some cycles researching the problem and understanding what has happened.  While it's not likely that your bank will suffer from a related attack this week, it is probably a portent of a coming change in hashing recommendations at some stage in the not too distant future.  My take is that we really need to adopt a wait-and-see approach until we see direction from some of the larger players such as Microsoft and more information becomes readily available.  One good site might be: http://csrc.nist.gov/ , I see that their last announcement on this topic was late August of last year:

    http://csrc.nist.gov/hash_standards_comments.pdf

Overall, I think that Mitch put it quite nicely:

We should definitely explore the facts and use them as a constant reminder that things like crypto algorithms do need to change over time.

 

No Comments