Time for the next wave of hashing functions?
As Eli just blogged, it appears as though the vultures are circling some of the current hashing algorithms - MD4, MD5, and now SHA1.
This weekend on the Readify in-house tech-list we've been having quite a lengthy discussion about this topic and what it means exactly for the immediate future. It was a pretty lively thread and generated quite a bit of interest.
I'd really suggest that, as front-line people who will get asked about this stuff by customers over the next 6-12 months, it's important to spend some cycles researching the problem and understanding what has happened. While it's not likely that your bank will suffer from a related attack this week, it is probably a portent of a coming change in hashing recommendations at some stage in the not-too-distant future. My take is that we really need to adopt a wait-and-see approach until we see direction from some of the larger players such as Microsoft and more information becomes readily available. One good site might be http://csrc.nist.gov/. I see that their last announcement on this topic was late August of last year:
http://csrc.nist.gov/hash_standards_comments.pdf
Overall, I think that Mitch put it quite nicely:
We should definitely explore the facts and use them as a constant reminder that things like crypto algorithms do need to change over time.