- Dec 30, 2012
- 4,809
Summary: Industry and standards bodies had announced the transition from SHA-1 hashes to SHA-2 in certificates some time ago, but adoption was weak. Now Heartbleed has created an opportunity to jumpstart the transition.
Heartbleed is a great example of how spectacular security failures grab the popular imagination. There is another set of problems much less sexy and harder to fix: keeping standards progressing. As it happens, Heartbleed creates an opportunity to advance one of these standards: cryptographic hashes.
Because of their importance, a great deal of research, both black- and white-hat, is done on the important crypto functions. Over time, weaknesses will appear in even the state-of-the-art ones, sometimes just because computing power increases over time to the point where some brute force attacks become practical.
Hashes are a fundamental part of much of cryptography, and a weak hash makes for weak encryption. A hash function takes a block of data as an input and outputs a value of a defined size, known as the hash or digest. With a good hash algorithm, there is no way to take the hash output and learn anything about the input data, and even a small change in the input will cause a large change in the hash output. Cases where two different blocks of data produce the same hash may be possible, but they better be rare and, more importantly, unpredictable.
Full Article
Heartbleed is a great example of how spectacular security failures grab the popular imagination. There is another set of problems much less sexy and harder to fix: keeping standards progressing. As it happens, Heartbleed creates an opportunity to advance one of these standards: cryptographic hashes.
Because of their importance, a great deal of research, both black- and white-hat, is done on the important crypto functions. Over time, weaknesses will appear in even the state-of-the-art ones, sometimes just because computing power increases over time to the point where some brute force attacks become practical.
Hashes are a fundamental part of much of cryptography, and a weak hash makes for weak encryption. A hash function takes a block of data as an input and outputs a value of a defined size, known as the hash or digest. With a good hash algorithm, there is no way to take the hash output and learn anything about the input data, and even a small change in the input will cause a large change in the hash output. Cases where two different blocks of data produce the same hash may be possible, but they better be rare and, more importantly, unpredictable.
Full Article
