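Last week the National Institute of Standards and Technology (NIST) published the 51 submissions that made the cut in the competition for the next U.S. secure hash standard.
The goal of the competition is to find a strong replacement for the existing family of hash functions, some of which have turned out to be cryptographically weaker than originally thought. All contestants submitted their proposals to the government before the end of October. The list published last week contains all contestants that met the government's minimum criteria.
The next step after submission: breaking the other contestants' algorithms. For each team, this is the best opportunity to find flaws in the other proposals. According to NIST's official website, 3 of the 51 teams have already acknowledged weaknesses in their proposals.
Hash algorithms play a pivotal role in computer security. Just as a fingerprint identifies a person, a number can identify data: a hash algorithm reduces a large data file (such as a Word document or an e-mail) to a small, simple one. Even if the source file is changed only slightly, a good hash function still gives a completely different result. Many encryption and security functions use hash algorithms, from integrity checks to digital signatures.
Researchers have found practical attacks on older hash algorithms (MD4 and SHA-0). These attacks demonstrate the ability to produce "collisions", that is, a way to build two files that yield the same hash value. For example, by forcing a collision, an attacker can create a new file that matches the digital signature of the source file, so the file looks the same although its content has in fact been modified. In addition, weaknesses have been found in a newer hash algorithm (SHA-1). For the current secure standard (SHA-2), however, researchers have so far found no practical attack. So NIST does not need to find a replacement for it right now.
The federal government will hold a conference at the end of February next year to discuss these hash algorithm proposals. By 2010, NIST's goal is to reduce the proposals to around 12, and it plans to hold a second conference.
Original text: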
Hash contest moves on to mass free-for-all
Published: 2008-12-22
The National Institute of Standards and Technology (NIST) published last week a list of 51 submissions that made the initial cut in the competition to become the next secure hashing standard for the United States.
The contest seeks to find a strong replacement for the current family of hash functions, some of which have been shown to be cryptographically weaker than originally thought. The teams first submitted their proposals to the government agency at the end of October. The list, published last week, represents those proposals that satisfied the government baseline criteria.
The next step for the teams behind the submissions: Cracking the other algorithms. The best chance for each team's hashing proposal will be to find flaws in the other submissions. Already, three of the 51 teams have acknowledged that there are weaknesses in their proposal, according to NIST's Web site.
Hash algorithms are very important functions in computer security. The algorithms can reduce a large data file -- such as a Word document or e-mail message -- to a simple, if sometimes long, number that can be used to identify the data, in the same way that fingerprints are used to identify humans. A good hash function gives a completely different result if the original file is changed even slightly. A variety of encryption and security functions use hashes, from integrity checks to digital signatures.
Researchers have found practical attacks against older hash functions known as MD4 and SHA-0, demonstrating the ability to generate "collisions," ways of creating two data files that result in the same hash. By forcing a collision, an attacker could, for example, create a modified version of a contract that appears to match -- according to the hash -- the original digitally-signed document. Some weaknesses have been found in a more recent hashing algorithm, known as SHA-1. And, while no practical attacks have been found against the current secure standard, SHA-2, NIST is not waiting to find a replacement.
The federal agency will host a conference on the proposals at the end of February to discuss the field of hash proposals. By 2010, NIST aims to whittle the field down to a dozen or so contenders, and plans to hold a second conference.
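The two properties the article describes, a small change giving a completely different hash and a collision letting a modified contract match the original's hash, can be seen in the following added example (not part of the original article). `weak_hash` is a constructed stand-in, SHA-256 truncated to 24 bits, chosen only so that a birthday search finishes in moments; it is not MD4 or SHA-0, and the contract strings are constructed sample data.

```python
import hashlib
from itertools import count

# Constructed sample documents (not from the article).
CONTRACT_A = b"Buyer pays seller 100 USD."
CONTRACT_B = b"Buyer pays seller 900 USD."

def bit_difference(a: bytes, b: bytes) -> int:
    """Count the bits that differ between the SHA-256 digests of a and b."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

def weak_hash(data: bytes, nbytes: int = 3) -> bytes:
    """Deliberately weak hash: SHA-256 cut down to nbytes (24 bits by default)."""
    return hashlib.sha256(data).digest()[:nbytes]

def find_collision(prefix_a: bytes, prefix_b: bytes, nbytes: int = 3):
    """Birthday search over harmless suffixes appended to two different documents.

    Returns (doc_a, doc_b) with doc_a != doc_b and equal weak_hash values.
    Expected work is on the order of 2**(4 * nbytes) attempts, which is why
    digest length sets an upper bound on collision resistance.
    """
    seen_a, seen_b = {}, {}
    for i in count():
        suffix = b" #%d" % i
        doc_a, doc_b = prefix_a + suffix, prefix_b + suffix
        ha, hb = weak_hash(doc_a, nbytes), weak_hash(doc_b, nbytes)
        seen_a[ha] = doc_a
        seen_b[hb] = doc_b
        if ha in seen_b:          # a variant of A matches an earlier variant of B
            return doc_a, seen_b[ha]
        if hb in seen_a:          # a variant of B matches an earlier variant of A
            return seen_a[hb], doc_b

if __name__ == "__main__":
    # Avalanche: one changed character flips roughly half of the 256 output bits.
    print("bits changed:", bit_difference(CONTRACT_A, CONTRACT_B), "of 256")
    a, b = find_collision(CONTRACT_A, CONTRACT_B)
    print(a, weak_hash(a).hex())
    print(b, weak_hash(b).hex())
    # The full-length digest still tells the two documents apart.
    print("full SHA-256 equal:", hashlib.sha256(a).digest() == hashlib.sha256(b).digest())
```

A signature computed over the 24-bit value would verify for both returned documents, while the full SHA-256 digests differ.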