CertainKey News
Feb 17, 2005 - Popular, Yet Obsolete, Banking Algorithm Broken
Ottawa - CertainKey Inc., as a supporter and implementer of strong encryption, announced June 15, 2004 that it will award $10,000 to the first person or group to find a collision* in MD5, a 128-bit message digest (security algorithm) used at the time by companies such as Bank of America, Citibank, Fleet Bank, eTrade.com USA, and eBay.com.
According to cryptography industry experts, the algorithm became obsolete in 1998, yet remains in use and leaves secure systems vulnerable to attack. With this award, CertainKey hopes to accelerate the adoption of more cryptographically secure algorithms to replace MD5 in all industry applications that relate to cryptography, and encourage public awareness of data security in general. CertainKey does not own or sell any proprietary algorithm competing with MD5.
In August 2004 Xuejia Lai, Xiaoyun Wang, and Hongbo Yu of the Dept. of Computer Science and Engineering at Shanghai Jiaotong University in Shanghai, China demonstrated a new technique to find collisions in several common security algorithms, most notably MD5. Their new technique found MD5 collisions in minutes on a standard computer where previously it would have taken many years. Today they published their findings to CertainKey, fulfilling the final requirement in claiming the prize.
"As a side-effect of these new findings, a malicious person can now more easily masquerade as a financial institution, or any other online site. This trickery, often carried out by spammers and referred to as 'phishing', is unfortunately becoming far more common and is usually done for the purposes of harvesting usernames and passwords," comments Jean-Luc Cooke, President of CertainKey Inc.
While companies and individuals have offered cash prizes for proving vulnerabilities in apparently secure algorithms, those algorithms are generally not as popular as MD5. MD5 is the most widely used cryptographic algorithm in software today. By targeting a popular, widely used algorithm, the CertainKey cash prize differs from others offered in the past that targeted old and rarely used algorithms.
Please see attached sheet, or visit www.certainkey.com, for award details and more information.
Official Rules
Award
CertainKey will give one award of $10,000 CAD in a lump sum to the individual or group that discovers the first collision in the MD5 hash algorithm as defined by RFC 1321.
Only one award will be given. CertainKey will verify the validity of all submitted claims and the award will be paid for the first verifiable collision.
A valid claim must include the following:
- A description of the hardware and software used to find the collision.
- The date, time and time zone of the discovery.
- Provide a single point of contact, including an e-mail address, postal address and phone number where CertainKey can contact the claimant regarding the claim.
In the case of a group effort, the group must designate an individual with whom CertainKey will correspond.
Further:
- Full disclosure is required and as such CertainKey requires that rights be given to freely publish the methods, algorithms, source code and detailed descriptions of hardware without undue restrictions or cost. This disclosure is designed to further cryptographic knowledge, specifically in designing effective hash algorithms.
- Claims including the above information must be made via e-mail to md5@certainkey.com with the following subject: MD5 collision claim white list
- Efforts to discover a collision may not be carried out in a malicious manner. Any person or persons engaged in activities not in the scientific spirit of the competition will be disqualified and lose any claim to the award.
CertainKey reserves the right to make changes to these rules for clarification, to remove ambiguity and correct errors.