Colloquium Summary: 1
10/18/2007
Recent Progress in Cryptographic Hashing
John R. Black
This is a John Black's tenure talk for all his 7 years of research at CU-Boulder. His work focused on digital signatures and application level of network security. He is also interested very much in hashing today. The following are the bullet points from his talk:
- His articles/papers were on slashdot twice.
- He talked about cryptographic hash function – MD5 and SHA-1.
- He first gave basis of hash function, esp. in security aspect, but he will be focusing on collision resistance.
- He then gave a brief talk about how to build a hash function and how they break (collide).
- MD4 is broken in 1997.
- MD5 is broken by Xiaoyun Wang in 2004.
- He talked briefly about compression function.
- He published a paper to improve MD5 collision and posted them all online in his website.
- Why collision is so important? Ans:Forge signatures.
- Two documents/Linux binaries are hashed to the same thing, resulting in attacks/forgery.
- SHA-1 is now under attack by Wang and lots of new efforts.
- He expects to see SHA-1's collision by next year.
- He approaches his cryptanalysis work by looking at the current papers.
- He then needs to read everything up to current to build more and more tuition.
- He uses mathematics background to pick the right tools.
- SSL is built on top of hash function so we should be aware of hash function break.
- Even more, most unix password are MD5-hashed.
- He even contacted the agency to make sure he will not go to jail for his research.