To view a recording of this session Get Adobe Flash player

Prof. dr. ir. Bart Preneel Bart Preneel

Professor Bart Preneel of K.U. Leuven heads the COSIC (COmputer Security and Industrial Cryptography) research group. His main research area is information security with a focus on cryptographic algorithms and protocols as well as their applications to both computer and network security, and mobile communications.

He teaches cryptology, network security and coding theory at the K.U.Leuven and was visiting professor at the Ruhr Universitaet Bochum (Germany), the T.U.Graz (Austria), the University of Bergen (Norway), and the Universiteit Gent (Belgium). In '93-'94 he was a research fellow at the University of California at Berkeley. He has taught intensive courses around the world.

He undertakes industrial consulting (Mastercard International, S.W.I.F.T., Proton World International,...), and participates in the work of ISO/IEC JTC1/SC27/WG2.

Professor Preneel is Vice President of the International Association for Cryptologic Research (IACR) and co-founder and chairman of LSEC vzw (Leuven Security Excellence Consortium).


 description

Hash functions

Learning objectives

  • understand the subtle security properties of hash functions
  • learn the state of the art in cryptanalysis of hash functions and how this affects applications
  • understand goals and learn status of the NIST Advanced Hash Function competition

Overview

In the 1990s, serious weakness were identified by Dobbertin and others in the most widely used hash functions MD4 and MD5. Later on, the US government had to replace its standard hash function SHA by SHA-1. In 2004 and 2005 Wang and others have made a breakthrough in the cryptanalysis of MD4, MD5, SHA and SHA-1.  These results are influencing more and more applications: at the end of 2008, researchers have create a forged X.509 certificate for a CA that uses MD5.

The US government has responded to this hash function crisis by publishing a call for candidates for SHA-3, a new cryptographic hash family. The deadline for submissions was 31 October, 2008. It is expected that the winner of the open competition will be announced in early 2012. From the 64 submissions, 51 have been admitted to the competition; the 48 yet unbroken schemes will be presented at the first SHA-3 candidate workshop in Leuven from 25-28 February 2009 (the week before the SecAppDev course). This lecture will report on the status of the competition and on its impact on secure applications.

Partners:

Solvay Brussels School of Economics and Management Katholieke Universiteit Leuven

Affiliated organizations:

OWASP NESSoS STREWS
Creative Commons

Contents of the secappdev.org website are licensed under a Creative Commons Attribution-NonCommercial 3.0 License.