It seems that the data security landscape is constantly changing. Every day, new threats arise and fresh best practices emerge to keep companies at the forefront of protecting sensitive information. PKWARE’s staff of experts in data security share their thoughts in our blog, highlighting the most current topics on data security, management, and reduction. Check back frequently and join the conversation.

Future Encryption Standard Weathers Test Attacks

Posted by on in Data Security

The Secure Hash Algorithm (SHA) is a family of cryptographic hash functions, now in its fourth generation (SHA-3), published by the National Institute of Standards and Technology (NIST) in coordination with the Federal Information Processing Standard (FIPS) framework. The data security community recently got an inside look at SHA-3 progress as engineers discussed the latest round of penetration testing.

SHA-3, formerly known as Keccak, was selected last October as the NIST design of choice after a five-year competition which drew 64 independent submissions. According to InformationWeek, the next-generation standard was designed to address vulnerabilities that still, as of yet, have not been exploited in the SHA-2 iteration. Nevertheless, cryptographers understand the importance of staying several steps ahead of an increasingly refined and resourceful cybercriminal community.

As GCN columnist William Jackson explained, hash algorithms work by creating random bit strings which are unique to the specific digital document they protect. If the original file has been altered or corrupted by a third-party, administrators will be alerted by the fact that the digest no longer produces an exact match.

Hackers traditionally attempt to bypass these data security solutions by way of a collision attacks. According to Jackson, the perpetrators attempt to find two messages which produce the same hash value in an attempt to reverse engineer a key.

At the RSA Conference held late last month, the encryption experts tasked with SHA-3's continued development revealed that a new breed of collision attacks have proven successful at cracking up to five rounds of encryption. While this demonstrates a new level of malevolent efficiency, according to Jackson, it is still a far cry from the 24 rounds of encryption called for in the SHA-3 implementation.

Comments

  • No comments made yet. Be the first to submit a comment

Leave your comment

Guest Thursday, 17 April 2014