Digital Signatures - The Ultimate Computing Safeguard Has Been Compromised

The backbone of digital signatures, MD5 algorithms, has been compromised making it easy to introduce forgeries. This presents extremely serious implications for digital forensics, the methodology used to investigate and track down cyber and computer criminals and their fraudulent practices. A digital signature is similar to a finger print. It is distinct and identifies a single solitary computer file without revealing its content. MD5 encryption is an algorithm (precise set of rules that specify how to solve a problem) that are suppose to be irreversible. The MD5 algorithm reads the contents of a document and assigns a digital signature or fingerprint to it based upon that content. No two documents contain the exact same content; therefore no two documents MD5 algorithm digital signature should ever be the same. Just as no two individuals have the exact same fingerprints.

Using his laptop computer and a PlayStation 3 console, Marc Stevens, a PH.D Student of Cryptology at Amsterdam, the Netherlands, Centrum Wiskunde and Informatica, broke the MD5 algorithm, enabling him to create digital documents with the exact same digital signatures. According to Stevens, the multiple computing cores of the PlayStation performed like a cluster of 40 PCs making it possible to compromise the cryptographic algorithm calculations in less than a day to create the digital forgeries. In actuality, any two computational file algorithm can be broken, however, it generally it takes vast amount of time and computer processing power. Stevens developed a system that works with resources that can be found in most homes in America.

MD5 algorithm checks a digital document file's length in order to establish its digital signature. Stevens's system adds junk data to each file to make them the same size. Next it calculates the difference between the two files fingerprints and continues to add data to both files, this time calculated to reduce the differences between their finger prints. This process is applied over and over again until it finally yields identical digital fingerprints for both documents.

If a harmless digitally compromised document were to get listed in a commonly used library, malicious files sharing of its altered digital fingerprinted counterpart could circulate through countless computer systems unnoticed. Sensitive online documents such as digital protection certificates that identify banking and personal security information sites, nearly all password encryption, and even access to your own home personal computer could easily be exposed and tampered with. This ability to digitally alter document and certify their identity and origin to mimic officially recognized and accepted documents could result in some very serious problems if placed in the wrong hands. Digital forensics would almost be rendered helpless. Thankfully stronger better cryptographic hashing algorithms are being developed.

Resource: Sharing Fingerprints - Technology Review - March/April 2009