MD5 comes in for further criticism

R.A. Hettinga rah at shipwright.com
Mon Feb 7 14:48:38 EST 2005 

<http://www.techworld.com/storage/news/index.cfm?NewsID=3081&Page=1&pagePos=11>

Techworld.com


07 February 2005
More experts warn of CAS arrays risks
MD5 comes in for further criticism


By Lucas Mearian, Computerworld (US)

More security experts are warning against the use of the flawed hashing
algorithm, MD5, for digital signatures on content addressed storage (CAS)
systems.

Last August, a Chinese researcher, Xiaoyun Wang, unveiled detailsof the
flaw. Other security experts are now chipping in.

 An official at the National Institute of Standards and Technology said IT
managers have good reason to be concerned about security flaws in MD5.
"It's pretty well known right now that it's just not up to what you need,"
said Elaine Barker, head of NIST's computer security division. Barker said
NIST has no plans to certify or recommend the MD5 algorithm for government
use.

The warnings come as more vendors unveil CAS systems to meet the need for
disk-based backup of fixed data such as e-mail and medical images. Experts
say that under specific circumstances, hackers could create files
containing malicious data that could cause data loss or the dissemination
of bad data.

Of the four major vendors of CAS storage, two of them - EMC and Archivas -
use the MD5 algorithm. The other two, Permabit and Avamar Technologies do
not. Archivas said it provides the option of using another method of
indexing, called the Secure Hash Algorithm-1.

Users of EMC and Archivas systems say they aren't concerned about the warnings.

"I believe that the possibility of a (problem) is so unlikely that it does
not bother me," said John Halamka, CIO at Boston-based CareGroup, a
hospital management company. "Thus far, we've been working with (the)
Centera (array) for more than a year without a single issue."

Curt Tilmes, a systems engineer at NASA's Goddard Space Flight Center, has
been beta-testing an Archivas Cluster CAS system for archiving satellite
data about the earth's atmosphere for more than a year.

He said he feels it's secure because it's on a private network with
firewalls. "I suppose it wouldn't hurt [to use a more secure algorithm],
but for my application, it wouldn't have an effect," Tilmes said.

Meanwhile, Sun's long-awaited CAS system, code-named Honeycomb, won't use
the MD5 algorithm because of security concerns, said Chris Woods, chief
technology officer for Sun's storage practice. Woods would not say which
algorithm the company will use to index stored objects.

"It really is time for [the industry] to stop using MD5," said Dan
Kaminsky, a security consultant at Avaya. "MD5 has been a deprecated
hashing algorithm for almost a decade. The industry has clung to the
algorithm, partially out of inertia, partially out of scarcity of computer
power."

In a report last month, Kaminsky pointed out that an attack could be used
to create two files with the same MD5 hash, one with "safe" data and one
with "malicious" data. If both files were saved to the same system, a
so-called collision could result, leading to data loss or the dissemination
of bad data, he said.

Mike Kilian, CTO at EMC's Centera division, contended that MD5 flaws don't
apply to Centera arrays because once a piece of content is stored, a
company can't change it.

"Centera from almost Day 1 has had multiple addressing schemes available to
applications," Kilian said.

Kaminsky disagreed. "Cryptography tends to be a 'garbage algorithm in,
garbage security out' discipline," he said. "Let's say they were appending
custom metadata to the end of their files. Conceivably, the attack would
not care, as once two files have the same hash, you can append the same
[identical] metadata to both of them and they'll still possess the same
hash."

Archivas officials noted that its CAS device does not use the MD5 hash key
to name the file in the archive, the way EMC's product does.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list