Novas funções de síntese criptográfica (hash)

Parece uma notícia muito técnica mas é muiiito importante para a segurança dos sistemas reais:

"The National Institute of Science and Technology (NIST) recently announced a competition to create a new hash algorithm. Hashes are algorithms that convert blocks of data into a short fingerprint to use in message authentication, digital signatures, and other security applications.

The competition comes as advances in algorithm analysis make the current SHA-1 and SHA-2 family standards more vulnerable. NIST plans to have the new hash algorithm, which will be known as Secure Hash Algorithm-3 (SHA-3) augment the standards presently specified in the Federal Information Processing Standard (FIPS) 180-2, Secure Hash Standard. Federal civilian computers are required to use these standards, and many in the private sector adopt them as well.

In particular, the SHA-1 family has been seriously attacked in recent years. ...

NIST's goal is to provide greater security and efficiency for applications using cryptographic hash algorithms. ...

A draft set of requirements for acceptability, submission and evaluation criteria were published in January of 2007 and after a three month open comment period, were revised. The actual requirements for the competition (PDF) were published to the federal register on November 2, 2007.

FIPS 180-2 specifies five cryptographic hash algorithms: SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512. Superseding FIPS 180-1 in August of 2002, FIPS 180-2 is already five years old, and with advances in cryptography and computing power, it's hard to be surprised that those algorithms have come under heavy attack."

Notícia completa: DailyTech