IBM has claimed that it has made a breakthrough in data security that could potentially usher in a new era of manipulation of sensitive encrypted data without revealing what the data actually is. The idea isn’t new, Ronald Rivest (the R in RSA) thought it up thirty years ago; thinking it to be too infeasible to ever implement. The future implications on data security are very promising to say the least.
Bruce Schneier writes about a new cryptanalysis attack published recently brings the SHA-1 hashing algorithm increasingly closer to a realistic collision. Considering the SHA-1 algorithm is designed closeley to the principles of MD4 and MD5 hashing algorithms, it seems not a question of if, but a question of when. Bruce writes:
A new attack can, at least in theory, find collisions in 252 hash operations — well within the realm of computational possibility. Assuming the cryptanalysis is correct, we should expect to see an actual SHA-1 collision within the year.
This has little immediate real-world implications on data security since most have moved on to stronger or the SHA-2 family of algorithms which, for now, are safe. Nontheless, the NIST has already begun development on a “SHA-3″ algorithm with publication to be expected in 2012.
