Freedom to Tinker Crypto Report

Boingboing buddy Eli the Bearded says:

Freedom to Tinker is reporting that two groups have signifcantly damaged the current leaders in cryptographic hashes. A French team has found collisions in a weakened form of the SHA-1 hash, which can probably be extended to the full SHA-1; and a Chinese team has found an out and out clash in MD5.

What does this mean? Well the hashes are digital abstracts from some input value (eg file) that are used to verify that the input value is unmodified. Due to the size of the hashes it has always been known that clashes would occur, but it was hoped that finding one would be impossible due to the large size of the hash space and the complexity of the generation process. Now that hope is shattered.

These hashes are used to verify integrity of downloaded programs, integrity of https site certificates, in pgp/gpg keys, etc. In other words lots of modern crytography is going to feel the waves from this.