Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

When Hashes Collide

Compliments of this week's Security Threat Watch newsletter.

The security industry was abuzz last week with news that
collisions--when two different messages result in the same hash--have
been discovered in the SHA and MD5 cryptographic functions. When a
cryptographic hashing function is found to produce collisions, it is
generally accepted that the overall security of the function will
continue to degrade as more optimized methods for producing collisions
are discovered.

In other words, once you can cause the function to
collide, it's only a matter of time until you can find quicker, easier
ways for it to collide. Does this mean that the SHA and MD5 functions
should be immediately tossed into the waste bin? Not necessarily. Using
a stronger SHA version (like SHA-256) is still a viable option at the