Digital (in)security
Looks like it's time to upgrade your hats from tinfoil to lead: computer scientists have found previously unknown flaws in three key mathematical functions embedded in common security applications. The weaknesses exist in a popular algorithm called MD5, often used with digital signatures, and in the SHA-1 "Secure Hash Algorithm," which was believed to be secure.
While the results are all preliminary, these discoveries could eventually make it easier for intruders to insert undetectable back doors into computer code or to forge an electronic signature, unless a different, more secure algorithm is used.
The MD5 and SHA-1 algorithms are known to computer scientists as hash functions. They take all kinds of input, from an e-mail message to an operating-system kernel, and generate what's supposed to be a unique fingerprint.
Currently considered the gold standard of its class of algorithms, SHA-1 is embedded in popular programs like PGP and SSL. It is certified by the National Institute of Standards and Technology and is the only signing algorithm approved for use in the US government's Digital Signature Standard. SHA-1 yields a 160-bit output, which is longer than MD5's 128-bit output and is considered even more secure.
Perhaps it's time to pump some additional research funding into quantum cryptography.
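The description above of a hash as a "supposed to be unique" fingerprint, and the comparison of 160-bit and 128-bit outputs, can be made concrete with the following added example, which is not part of the original post. It runs a generic birthday search against SHA-1 digests truncated to a few bits (a teaching device, not the newly reported flaws) to show that a collision takes roughly 2^(n/2) hashes for an n-bit fingerprint; the function names and the counter messages are constructed for illustration.

```python
import hashlib


def truncated_digest(data: bytes, bits: int, algo: str = "sha1") -> int:
    """Return the top `bits` bits of the digest as an integer fingerprint."""
    digest = hashlib.new(algo, data).digest()
    total_bits = len(digest) * 8
    return int.from_bytes(digest, "big") >> (total_bits - bits)


def find_collision(bits: int, algo: str = "sha1"):
    """Hash constructed counter messages until two share a fingerprint.

    Returns (first_message, second_message, hashes_computed).
    """
    seen = {}  # fingerprint -> message that produced it
    counter = 0
    while True:
        msg = b"constructed-message-%d" % counter  # constructed sample input
        fp = truncated_digest(msg, bits, algo)
        if fp in seen:
            return seen[fp], msg, counter + 1
        seen[fp] = msg
        counter += 1


if __name__ == "__main__":
    # Work grows with the square root of the fingerprint space, so each
    # extra 8 bits of output multiplies the search cost by about 16.
    for bits in (16, 24, 32):
        a, b, hashes = find_collision(bits)
        print(f"{bits}-bit fingerprint: collision after {hashes} hashes "
              f"(birthday estimate ~2^{bits // 2} = {2 ** (bits // 2)})")
        print(f"  {a!r} and {b!r}")
```

At full length the same search would need on the order of 2^64 hashes for MD5 and 2^80 for SHA-1, which is the baseline any analytic weakness is measured against.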