Tuesday, April 05, 2005

 

Commerical cryptography falls to Chinese scientist

Chinese mathematician Wang Xiaoyun has decoded two international cipher systems, MD5 and SHA-1, spotting loopholes in the latter.

Wang, aged 40, graduated from the mathematics department of Shandong University and currently serves as a director of the Information Safety Institute in Shandong University.

Professor Wang first declared her research results on MD5 at an international cryptography conference held in the United States in August 2004. Then, in February, she made a breakthrough in spotting loopholes in SHA-1.

The two systems are widely used for digital signatures in E-commerce.

Wang's latest research found that when a user signs a contract with a digital signature, another contract is created with the same signature but totally different content, which could result in "pseudo" collisions that in turn could spawn lawsuits for users.

Her research suggests that the digital signature system should be upgraded or replaced to ensure E-commerce safety.

MD5 was developed by American mathematician Ron Rivest and SHA-1 was developed for the US government but is now the industry standard.

The research results have shocked academic circles worldwide. Most experts believe the practical consequences of the loopholes on such applications is limited, but for the research community, Wang's new findings provide much food for thought. (Link)


# posted by Jacob @ 4/05/2005 07:04:00 p.m.
Digg!
Comments: Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?