Encryption flaws no huge worry

Recent reports about flaws in hash algorithms are not the security risk that some might fear, although the concerns do show that alternatives are needed, according to Gartner.

Vulnerabilities in hash algorithms were reported at the Crypto 2004 conference, held this month in Santa Barbara, California.

Speakers talked about risks in the Secure Hash Algorithm (SHA-1), which is commonly used in encryption programs such as PGP (Pretty Good Privacy) and in Secure Sockets Layer (SSL).

These faults follow flaws found in SHA-0 (which preceded SHA-1) and in Message Digest Algorithm 5 (MD5), which is sometimes used in digital signatures.

However, analysis by Gartner reveals that these flaws do not pose big problems in the short term.

They could be cause for concern in the few PKI (public-key infrastructure) or digital signature products that still use MD5, but other uses of hashes are protected by other security mechanisms.

Gartner recommends the use of SHA-1 instead of MD5 and SHA-0, and suggests that vendors and developers create software that can use multiple algorithms and remain backward compatible with broken ones, because all encryption algorithms can be compromised.

Gartner believes that if software is architected correctly, the products will only need to turn off new uses of the flawed algorithms.
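
One way to structure software along the lines Gartner describes, as an added example that is not from the article or from any vendor's product: each stored digest is tagged with the algorithm that produced it, so a flawed algorithm can be turned off for new digests while existing ones still verify. The `HashPolicy` class, the `algorithm$hex` tag format and the sample data are assumptions made for this illustration.

```python
import hashlib
import hmac


class HashPolicy:
    """Tracks which hash algorithms may create new digests and which may only verify."""

    def __init__(self, preferred, legacy=()):
        self.create_ok = list(preferred)              # ordered; first entry is the default
        self.verify_ok = set(preferred) | set(legacy)

    def retire(self, name):
        """Turn off new uses of a flawed algorithm; digests already stored still verify."""
        remaining = [a for a in self.create_ok if a != name]
        if not remaining:
            raise RuntimeError("no algorithm would be left for new digests")
        self.create_ok = remaining

    def digest(self, data, name=None):
        """Return 'algorithm$hex' so the stored value records how it was produced."""
        name = name or self.create_ok[0]
        if name not in self.create_ok:
            raise ValueError(f"{name} is not allowed for new digests")
        return f"{name}${hashlib.new(name, data).hexdigest()}"

    def verify(self, data, tagged):
        """Return (matches, needs_upgrade) for data against a tagged digest."""
        name, _, hexdigest = tagged.partition("$")
        if name not in self.verify_ok:
            raise ValueError(f"unknown or removed algorithm: {name!r}")
        matches = hmac.compare_digest(hashlib.new(name, data).hexdigest(), hexdigest)
        # A valid digest made with a non-default algorithm should be re-issued.
        return matches, matches and name != self.create_ok[0]


if __name__ == "__main__":
    doc = b"constructed sample document"              # constructed input
    policy = HashPolicy(preferred=["sha1", "sha256"], legacy=["md5"])
    stored = policy.digest(doc)                       # created while sha1 was the default
    policy.retire("sha1")                             # new uses off, old digests honoured
    print(stored.split("$")[0], policy.verify(doc, stored))
    print(policy.digest(doc).split("$")[0])
```

The `needs_upgrade` flag lets a caller re-hash data at the next successful verification, so legacy digests drain out of storage over time.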
