Ottawa - CertainKey, Inc., as a supporter and implementer of strong encryption, is proud to announce that it will award $10,000 to the first person or group to find a collision* in MD5, a 128-bit message digest (security algorithm) used by companies such as Bank of America, Citibank, Fleet Bank, eTrade.com USA, and eBay.com.
Jun 15, 2004 - Obsolete and Popular Banking Algorithm Gains New Foe
According to cryptography industry experts, the algorithm became obsolete in 1998, yet remains in use and leaves secure systems vulnerable to attack. With this award, CertainKey hopes to accelerate the adoption of more cryptographically secure algorithms to replace MD5 in all industry applications that relate to cryptography, and encourage public awareness of data security in general.
"Anyone with one hundred thousand dollars and a strong knowledge in the area could break the system at will. That so many people are using it could be dangerous; it reflects the need for greater awareness in everyone," comments Jean-Luc Cooke, President of the company.
While groups of cryptographers often offer cash prizes for proving vulnerabilities in apparently secure algorithms, they are not generally as popular as MD5, which is the most widely used cryptographic algorithm in software today. This cash prize differs from others offered by security firms in that the target algorithm is in current use - other contests attempt to prove ineffective the algorithms no company or organization use to protect their sensitive information.
Currently in the lead is www.md5crk.com, a group (also lead by Cooke) which has developed a distributed supercomputer that ranks among the 500 largest computers in the world, by some measures. Anticipating continued steady network growth in light of the new reward, the shared computing project should have a duplicate "snowflake" created within the next two years.
(*) Collision in a hash algorithm occurs when two distinct inputs produce the same output. A suitable metaphor for such a collision is two different weather systems producing two perfectly identical snowflakes.
CertainKey will give one award of $10,000 CAD in a lump sum to the individual or group that discovers the first collision in the MD5 hash algorithm as defined by RFC 1321.
Only one award will be given. CertainKey will verify the validity of all submitted claims and the award will be paid for the first verifiable collision.
A valid claim must include the following:
- A description of the hardware and software used to find the collision.
- The date, time and time zone of the discovery.
- Provide a single point of contact, including an e-mail address, postal address and phone number where CertainKey can contact the claimant regarding the claim.
In the case of a group effort, the group must designate an individual with whom CertainKey will correspond.
CertainKey reserves the right to make changes to these rules for clarification, to remove ambiguity and correct errors.
- Full disclosure is required and as such CertainKey requires that rights be given to freely publish the methods, algorithms, source code and detailed descriptions of hardware without undue restrictions or cost. This disclosure is designed to further cryptographic knowledge, specifically in designing effective hash algorithms.
- Claims including the above information must be made via e-mail to firstname.lastname@example.org with the following subject: MD5 collision claim white list
- Efforts to discover a collision may not be carried out in a malicious manner. Any person or persons engaged in activities not in the scientific spirit of the competition will be disqualified and lose any claim to the award.
- Feb 17, 2005 - Popular, Yet Obsolete, Banking Algorithm Broken
- Jun 15, 2004 - Obsolete and Popular Banking Algorithm Gains New Foe
- Mar 10, 2004 - Hardstorage.com become a strategic partner
- Jan 15, 2004 - CertainKey becomes a member of Exploriem.org
- Jul 23, 2003 - Cooke to present at international symposium
- Dec 13, 2002 - Featured in 20,000 Days of Innovation
- Oct 23, 2002 - Featured in The Citizen Business TV
- Oct 10, 2002 - Featured in High Tech Report
- Apr 03, 2002 - CertainKey wins at Nicol competition
- Apr 12, 2002 - Cooke to present at IEE symposium
- Mar 22, 2002 - ZIM retains CertainKey consulting services
- Jun 26, 2002 - Cooke to present at international symposium
- Jan 31, 2002 - Dr. Mike Cowpland joins CertainKey
- Dec 12, 2001 - Website launch
For more information about these and other products or services