NIST selects next encryption standard
Following concerns that the third iteration of the secure hash algorithm (SHA-2) may be vulnerable to attack, the National Institute of Standards and Technology (NIST) issued an open call in 2007 to engineers capable of developing a more robust encryption standard. After five years of competition, the agency has selected an SHA-2 successor. A group of Belgian and Italian cryptography experts from STMicroelectronics and NXP Semiconductors beat out 63 other teams vying for the SHA-3 mantle with a submission nicknamed "Keccak."
Employing hash algorithms has become a staple data protection solution in recent years. Most often, the tactic supports cryptographic programs intended to ensure the authenticity of digital documents, including electronic signatures. The algorithms are used to essentially create a coded replica, or digest, of the original content. Effective digests must adapt to reflect any authorized changes made to the document while also resisting forgery attempts that could produce a different file from the same digest and invalidate the process.
According to NewScientist, flaws discovered in SHA-1 back in 2004 greatly reduced the time it would take hackers to discover vulnerabilities and create unauthorized duplicates, or "collisions" as encryption professionals call them. Unfortunately, the SHA-2 family had already been approved before this issue was discovered, leading some to fear that the flaw could have carried over to the next generation.
Although these concerns were ultimately unfounded, the NIST decided to move forward with its SHA-3 competition nonetheless to promote education and potentially spur innovation in the area. As a result, Keccak has opened the door to some exciting possibilities.
"Keccak has the added advantage of not being vulnerable in the same ways SHA-2 might be," explained NIST data security expert Tim Polk. "An attack that could work on SHA-2 most likely would not work on Keccak because the two algorithms are designed so differently."
While some worried that too many encryption options could make for a "bad standard," according to InformationWeek, experts insist Keccak's emergence is actually a very positive development. While there are few if any data security threats that would currently inspire users to abandon the SHA-2 protocol, it is good to know that a fallback solution is already in place.
What's more, this gives researchers additional time to figure out the settings and scenarios in which SHA-3 will work best. According to the NIST, Keccak has several unique characteristics that could make it a perfect option for smart devices such as remote security sensors and home appliances. As the Internet of Things grows ever larger, SHA-3 could be a vital utility.
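An added example, not part of the original article: a document-integrity check that records both a SHA-2 digest (SHA-256) and a SHA-3 digest (SHA3-256), following the article's point that the two families are designed differently and SHA-3 can serve as a fallback. The tagged-digest format, the function names and the sample document are assumptions made for illustration.

```python
import hashlib
import hmac

# Algorithms this verifier accepts, mapped to hashlib constructors.
# SHA-256 is a SHA-2 function; SHA3-256 is the standardized form of Keccak.
ALLOWED = {"sha256": hashlib.sha256, "sha3-256": hashlib.sha3_256}


def make_digest(algorithm: str, document: bytes) -> str:
    """Return a tagged digest such as 'sha3-256:<hex>' (assumed format)."""
    if algorithm not in ALLOWED:
        raise ValueError(f"unsupported algorithm: {algorithm!r}")
    return f"{algorithm}:{ALLOWED[algorithm](document).hexdigest()}"


def verify(document: bytes, tagged_digests: list) -> bool:
    """True only if every recorded digest matches the document.

    An empty list, a malformed entry or an unknown algorithm fails closed.
    """
    if not tagged_digests:
        return False
    ok = True
    for tagged in tagged_digests:
        algorithm, sep, expected_hex = tagged.partition(":")
        if not sep or algorithm not in ALLOWED:
            return False
        actual_hex = ALLOWED[algorithm](document).hexdigest()
        # Constant-time comparison, done on bytes so odd input cannot raise.
        ok &= hmac.compare_digest(actual_hex.encode(),
                                  expected_hex.lower().encode())
    return ok


def bits_changed(algorithm: str, a: bytes, b: bytes) -> int:
    """Count output bits that differ between the digests of a and b."""
    da = ALLOWED[algorithm](a).digest()
    db = ALLOWED[algorithm](b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


# Constructed sample input: a document and a copy with one character altered.
ORIGINAL = b"Pay 100 EUR to account 12345"
TAMPERED = b"Pay 900 EUR to account 12345"
RECORD = [make_digest("sha256", ORIGINAL), make_digest("sha3-256", ORIGINAL)]

if __name__ == "__main__":
    print(verify(ORIGINAL, RECORD), verify(TAMPERED, RECORD))
    for name in ALLOWED:
        print(name, bits_changed(name, ORIGINAL, TAMPERED), "of 256 bits differ")
```

Because every recorded digest must match, a forged document would need a simultaneous collision in two differently designed functions, and dropping an algorithm later only requires removing it from `ALLOWED`.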
Data Security News from SimplySecurity.com by Trend Micro