Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Attacks on Cryptographic Hashes in Internet Protocols (RFC4270)

IP.com Disclosure Number: IPCOM000132083D
Original Publication Date: 2005-Nov-01
Included in the Prior Art Database: 2005-Dec-01
Document File: 13 page(s) / 27K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

P. Hoffman: AUTHOR [+2]

Abstract

Recent announcements of better-than-expected collision attacks in popular hash algorithms have caused some people to question whether common Internet protocols need to be changed, and if so, how. This document summarizes the use of hashes in many protocols, discusses how the collision attacks affect and do not affect the protocols, shows how to thwart known attacks on digital certificates, and discusses future directions for protocol designers.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 10% of the total text.

Network Working Group                                         P. Hoffman
Request for Comments: 4270                                VPN Consortium
Category: Informational                                      B. Schneier
                                           Counterpane Internet Security
                                                           November 2005


         Attacks on Cryptographic Hashes in Internet Protocols

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   Recent announcements of better-than-expected collision attacks in
   popular hash algorithms have caused some people to question whether
   common Internet protocols need to be changed, and if so, how.  This
   document summarizes the use of hashes in many protocols, discusses
   how the collision attacks affect and do not affect the protocols,
   shows how to thwart known attacks on digital certificates, and
   discusses future directions for protocol designers.

1.  Introduction

   In summer 2004, a team of researchers showed concrete evidence that
   the MD5 hash algorithm was susceptible to collision attacks
   [MD5-attack].  In early 2005, the same team demonstrated a similar
   attack on a variant of the SHA-1 [RFC3174] hash algorithm, with a
   prediction that the normally used SHA-1 would also be susceptible
   with a large amount of work (but at a level below what should be
   required if SHA-1 worked properly) [SHA-1-attack].  Also in early
   2005, researchers showed a specific construction of PKIX certificates
   [RFC3280] that use MD5 for signing [PKIX-MD5-construction], and
   another researcher showed a faster method for finding MD5 collisions
   (eight hours on a 1.6-GHz computer) [MD5-faster].

   Because of these announcements, there has been a great deal of
   discussion by cryptography experts, protocol designers, and other
   concerned people about what, if anything, should be done based on the

Hoffman & Schneier           Informational                      [Page 1]
RFC 4270                   Attacks on Hashes               November 2005


   news.  Unfortunately, some of these discussions have been based on
   erroneous interpretations of both the news and on how hash algorithms
   are used in common Internet protocols.

   Hash algorithms are used by cryptographers in a variety of security
   protocols, for a variety of purposes, at all levels of the Internet
   protocol stack.  They are used because they hav...