The Secure Hash Algorithm (SHA) is a family of cryptographic hash functions, now in its fourth generation (SHA-3), published by the National Institute of Standards and Technology (NIST) in coordination with the Federal Information Processing Standard (FIPS) framework. The SHA-3 progress as engineers discussed the latest round of penetration testing. community recently got an inside look at
SHA-3, formerly known as Keccak, was selected last October as the NIST design of choice after a five-year competition which drew 64 independent submissions. According to InformationWeek, the next-generation standard was designed to address vulnerabilities that still, as of yet, have not been exploited in the SHA-2 iteration. Nevertheless, cryptographers understand the importance of staying several steps ahead of an increasingly refined and resourceful cybercriminal community.
As GCN columnist William Jackson explained, hash algorithms work by creating random bit strings which are unique to the specific digital document they protect. If the original file has been altered or corrupted by a third-party, administrators will be alerted by the fact that the digest no longer produces an exact match.
Hackers traditionally attempt to bypass theseby way of a collision attacks. According to Jackson, the perpetrators attempt to find two messages which produce the same hash value in an attempt to reverse engineer a key.
At the RSA Conference held late last month, the encryption experts tasked with SHA-3's continued development revealed that a new breed of collision attacks have proven successful at cracking up to five rounds of encryption. While this demonstrates a new level of malevolent efficiency, according to Jackson, it is still a far cry from the 24 rounds of encryption called for in the SHA-3 implementation.