With the development of e-commerce, online banking, online contracts and electronic signatures are more and more widely used, and the network has become an indispensable part of our lives. While e-commerce brings convenience to our work and life, there are also security risks. Two cryptographic algorithms MD5 and SHA- 1, which are widely used in the world, were announced to have been cracked by a cryptographer in China. This news has aroused great repercussions in the international community, especially in the field of international cryptography, and once again sounded the alarm of e-commerce security. It was Wang Xiaoyun, a China expert and director of the Institute of Information Security of Shandong University, who discovered these two major international password loopholes through password analysis.

The news world password building collapsed.

The 43-year-old graduated from the Mathematics Department of Shandong University, and studied under the famous mathematicians Pan Chengdong and Professor Yu. She is an ordinary and confident China woman. Before August, 2004, the international cryptology community was not familiar with the name Wang Xiaoyun. In August, 2004, at the International Cryptography Conference held in Santa Barbara, California, USA, Professor Wang Xiaoyun, who was not scheduled to speak originally, approached the president of the conference with his research results and asked to speak at the conference. In this way, Wang Xiaoyun announced the decoding results of four famous cryptographic algorithms, namely MD5, HAVAL- 128, MD4 and RIPEMD, for the first time at the international conference.

When the third achievement was announced, the meeting was already thunderous and the report had to be interrupted for some time. After the report, all the experts at the meeting applauded their excellent work for a long time.

Wang Xiaoyun's research achievement, as an important discovery in the field of cryptography, declared the collapse of MD5 building, an impregnable worldwide cryptographic standard, and caused an uproar in the field of cryptography. The summary report of this meeting wrote: "What should we do? MD5 has been hit hard and will soon be eliminated from the application. Sha- 1 is still alive, but it has also seen its end. Now you have to start replacing Sha- 1. "

In fact, after MD5 was deciphered by experts from China, such as Wang Xiaoyun, the world cryptographers still think that SHA- 1 is safe. On February 7, 2005, the National Institute of Standards and Technology issued a statement that SHA- 1 has not been breached, and there is no sufficient reason to suspect that it will be breached soon. Developers should switch to safer SHA-256 and SHA-5 12 algorithms before 20 10. Only a week later, Wang Xiaoyun announced the news of deciphering SHA- 1.

As SHA- 1 is more widely used in the United States and other countries, the news that the password has been cracked has aroused repercussions that shocked the world. In other words, Wang Xiaoyun's research results show that in theory, electronic signatures can be forged, and it is necessary to add restrictions in time or re-use more secure cryptographic standards to ensure the security of e-commerce.

Lenstra, an international cryptographer, forged a digital certificate conforming to the X.509 standard by using the collision of MD5 provided by Wang Xiaoyun, which shows that the decoding of MD5 is not only the result of theoretical decoding, but also leads to actual attacks, and the exit of MD5 is imminent. Wang Xiaoyun said that SHA- 1 has been deciphered in theory, which is not far from practical application.

It's crazy to comment on these researchers

MD5, SHA- 1 and other international common passwords were cracked, which triggered a strong "earthquake" in the field of international cryptography. Adi shamir, the world's top cryptographer, commented: "This is the most wonderful achievement in the field of cryptography in recent years. I believe it will cause an uproar, and it is extremely important to design a new hash function algorithm. " Rivest, the designer of MD5, commented that "the decoding of SHA- 1 is amazing" and "the security of digital signature is decreasing, which reminds us once again that we need to change the algorithm". The National Institute of Standards and Technology and several well-known companies also responded positively. MarkWillet, director of security research at SeagateTechnology, said, "Now the National Institute of Standards and Technology may need to advance the password update schedule." In addition, experts from several well-known companies such as Microsoft, SUN and Atmel also published their countermeasures. An American Bar Association consultant said: "These researchers in China are crazy."

The incredible women's decoding team behind the scenes

To the world's shock, most cryptologists think that the two cryptographic algorithms are impregnable, and finally they are ruthlessly knocked down by a female group led by a China woman, and this process does not seem too difficult. It only took more than two months to crack SHA- 1, and many cryptographers thought that "this sounds incredible".

Wang Xiaoyun studied under the famous mathematician Professor Pan Chengdong from 65438 to 0990. Under the guidance of Pan Chengdong, Yu, Zhan Tao and other famous teachers, she successfully applied the knowledge of number theory to cryptography, and began to study hash functions in the late 1990s.

Wang Xiaoyun was unknown until she succeeded, as all her peers said. She is never eager for quick success and instant benefit, and she never advocates publishing papers with no new ideas or new progress. At ordinary times, she is not enthusiastic about some honors or entertainment that delay the research work time. She disapproves of reading a lot of literature, and advocates grasping several classic papers to study them carefully and thoroughly, then thinking independently, looking for breakthrough methods and testing her own methods quickly. This is how she studied repeatedly in the digital kingdom.

The research team involved in deciphering SHA- 1 password is a three-member female team headed by Wang Xiaoyun, and its members include Yu Hongbo, a doctoral student from Wang Xiaoyun, and a female researcher from Tsinghua University. "Six of my eight doctoral students are women, and they have shown extraordinary talent in the field of cryptography. Many people think that cryptography is a mysterious knowledge, but we think it is very interesting. Because we are used to thinking in a mathematical way, and once we develop this way of thinking, numbers become wonderful notes in our eyes, and our research is as interesting as music creation. " Wang Xiaoyun said. (According to Xinhua News Agency)

Two International Cryptographic Castles

MD5 and SHA- 1 are two international cryptographic standards. It is understood that MD5 was designed by Ronald L. Rivest, an internationally renowned cryptographer who won the Turing Award and the founder of RSA, and SHA-/KLOC-0 was designed by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA).

These two algorithms are key technologies in international electronic signature and many other cryptographic applications, and are widely used in e-commerce fields such as finance and securities. SHA- 1 as early as 1994 was adopted by the US government, which is a widely used computer password system.

Wang Xiaoyun said that because there are no two identical fingerprints in the world, handprints have become the only and safe symbol of people's identity. In the network security protocol, the hash function is used to process the electronic signature, thus generating a theoretically unique "fingerprint" and forming a "digital fingerprint". According to the ideal security requirements, the fingerprint generated by hash function will be completely different even if the original information changes only one bit. If the collision of hash functions can be found, it means that two different files can produce the same "fingerprint", so that the signature can be forged.