Cryptography Reference
In-Depth Information
What Next?
So far, one can only compute collisions, i.e., create pairs of messages with
identical hash values. If you create an MD5 hash sum of a document, the content
of which you want to protect against forgery, then don't be sure that nobody can
derive a second document with this checksum. In the
Tripwire
program that
checks system files regularly for changes on UNIX/Linux computers, the fastest
of all commonly used hash functions, i.e., MD5, is still sufficient. You can also
protect messages by MD5-HMAC. With MD5 sums for documents of unknown
origin, however, you should consider whether or not the creator could have an
interest in bringing two different versions with identical sums into circulation.
In contrast, pseudo-collisions where two equally long messages,
N
and
N
, for
given different equally long messages,
M
and
M
, can be found by,
||
||
hash(M
N) = hash(M'
N')
which would allow you to forge digital signatures for practical purposes. But
this is currently out of the question (you can find details in [Wobhash]). And in
particular, you cannot invert a hash function, except if MD4 were reduced to
two rounds. For creating
one-time passwords
(Section 6.5), MD5 is probably
still acceptable. In contrast, you shouldn't use MD4 for this purpose any longer,
though the full function has not been inverted yet.
With regard to new or updated hardware and software, you would do best to
follow the NIST recommendation and migrate to
SHA-256
. Though this hash
function is the slowest, it has a more compact code and should be resistant
to new types of attacks for a reasonably long time. However, nobody can tell
what surprises we may expect in the next few years, since cryptanalysis of
hash functions has only just started intensively. Rivest said once that 'it's not
hard to design a secure cryptographic hash function. Things get hard when it
is supposed to be fast, too.'
6.3.2 Creating Digital Signatures
Digital signatures are intended to replace signatures on paper. Let's see what
characteristics are important.
1. The signature cannot be forged.
2. The signature was put on a document out of free will.
