Several vulnerabilities in SHA-3 candidates
Security experts have discovered a number of weaknesses in the candidates for the next SHA-3 hash standard. According to the Fortify security blog, the MD6 implementation from Professor Ron Rivest and his team contains three buffer overflows and there are believed to be problems in the Blender, Crunch, FSB and Vortex implementations.
According to their blog, the quality of the 42 entries that have entered the first round of the competition has impressed the Fortify team. Although the competition is looking for an algorithm, each algorithm has to be accompanied by a reference implementation in C. Fortify took these C reference implementations and analysed them with the Fortify Source Code Analyzer (SCA).
Whichever algorithm is chosen as the future SHA-3 default, its accompanying C reference implementation will be used as the basis of other implementations. Vulnerabilities in that reference implementation would be a big problem if they were discovered later. For example, at the end of the nineties, RSAREF, the reference implementation of the RSA algorithm, which Professor Rivest was also involved in, was found to have a bug, which in turn affected OpenSSL, SSLeay and two other SSH implementations.
See also:
- SHA-3 Round 1: Buffer Overflows, a Fortify Blog entry.
- The Cryptography Olympics: the hash algorithm contest, a report from The H.
- The Consequences of the successful MD5 attack
(djwm)