The Standards for Efficient Cryptography Group (SECG), an industry consortium founded to develop commercial standards that facilitate the adoption of efficient cryptography and interoperability across a wide range of computing platforms, has updated some of its specifications and has recently launched two new working groups:
ECC Protocol Reference Implementations: tasked with the specification and implementation of a server hosting reference ECC protocols. This server may be used by the development community to vet their protocol implementations;
ECC Certification Authority: tasked with the specification and implementation of an X.509 certificate authority (CA) for the issuance of ECC test certificates. This CA may be used by developers in obtaining test certificates for verifying the correct operation of their products.
For more information, visit: www.secg.org
In February 2005, researchers Xiaoyun Wang, Yiqun Yin, and Hongbo Yu reported a new collision attack on SHA-1, a widely used hash function: improved collision search techniques make it possible to find collisions of SHA-1 with a reported complexity of roughly 2 69 hash operations, considerably less than the 2 80 theoretical bound assumed valid before. The result may have implications for the use of SHA-1 in applications that depend on its collision resistance and where an attacker is able to carry out a so-called chosen message attack. Although the new collision attack is about 2,000 times faster than the brute force method for finding collisions, it is still too slow for today’s computers. Moreover, most digital signature applications include contextual information that will likely foil the attack in practice.
This issue of Code and Cipher examines different types of certificates, their uses and benefits.