
January 28, 2005 (Computerworld) -- Security experts are warning about a flawed hashing algorithm, MD5, used by some vendors for digital signatures to store data securely on increasingly popular content addressed storage systems. The warnings come as more companies unveil CAS systems to meet the need for disk-based backup of fixed data such as e-mails and medical images.
"It really is time for [the industry] to stop using MD5," said Dan Kaminsky, a security consultant at Avaya Inc. in Basking Ridge, N.J. "MD5 has been a deprecated hashing algorithm for almost a decade. The U.S. government agreed."
According to Kaminsky, MD5 has been decertified for secure operations by the National Institute of Standards and Technology since at least 1998. "The industry has clung to the algorithm, partially out of inertia, partially out of scarcity of computer power," he said.
There are currently three major vendors of CAS storage: EMC Corp., Permabit Inc. in Cambridge, Mass., and Archivas Inc. in Waltham, Mass. Both EMC and Archivas use the MD5 hashing algorithm; Permabit does not.
Just this week, Storage Technology Corp. announced that it would use OEM Permabit's technology for e-mail archival. And Sun Microsystems Inc. is currently developing its own CAS, called Honeycomb, with several beta testers and plans to release it toward the end of the year.
Sun wouldn't say which algorithm it will use to store data.
Kaminsky published a report last month on the MD5 algorithm pointing out that an attack could be used to create two files with the same MD5 hash, one with "safe" data and one with "malicious" data. When both of those files are saved to the same system, a so-called collision can result, leading to data loss or dissemination of bad data, Kaminsky said.
CAS systems store metadata and data along with management policies to create an object that is quickly retrievable, no matter where it's stored on a disk subsystem. CAS also uses write once, read many (WORM) capability to ensure that once data is stored it cannot be overwritten, which satisfies several regulatory requirements. Hashing is a way to create a shorter fixed-length key or index that represents the original data stored in a device.
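The data-loss scenario described above, as an added illustration that is not from the article or from any vendor's product: a toy write-once store whose address is the digest of the content, shown losing a second object that shares a digest with the first, then detecting the clash with a byte comparison, then avoiding it with a full SHA-256 address. The 8-bit truncated digest is a constructed stand-in for a hash with feasible collisions, and all class and function names are hypothetical.

```python
import hashlib
import itertools

def weak_digest(data: bytes) -> str:
    # Constructed stand-in for a broken hash: only 8 bits, so collisions are cheap.
    return hashlib.sha256(data).hexdigest()[:2]

def strong_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class CASStore:
    """Toy content-addressed, write-once store (hypothetical, for illustration)."""
    def __init__(self, digest, verify_on_hit=False):
        self.digest = digest
        self.verify_on_hit = verify_on_hit
        self.objects = {}

    def put(self, data: bytes) -> str:
        addr = self.digest(data)
        existing = self.objects.get(addr)
        if existing is None:
            self.objects[addr] = data          # first writer wins (WORM)
        elif self.verify_on_hit and existing != data:
            raise ValueError(f"digest collision at address {addr}")
        return addr                            # otherwise treated as a duplicate

    def get(self, addr: str) -> bytes:
        return self.objects[addr]

def find_colliding(target: bytes, prefix: bytes) -> bytes:
    # Brute-force a different input with the same weak digest as `target`.
    want = weak_digest(target)
    for n in itertools.count():
        cand = prefix + str(n).encode()
        if cand != target and weak_digest(cand) == want:
            return cand

def demo():
    first = b"first record"                    # constructed sample data
    second = find_colliding(first, b"second record ")
    naive = CASStore(weak_digest)
    a1, a2 = naive.put(first), naive.put(second)
    lost = a1 == a2 and naive.get(a2) == first  # second object silently dropped
    checked = CASStore(weak_digest, verify_on_hit=True)
    checked.put(first)
    try:
        checked.put(second)
        detected = False
    except ValueError:
        detected = True                         # byte comparison catches the clash
    strong = CASStore(strong_digest)
    distinct = strong.put(first) != strong.put(second)
    return lost, detected, distinct

if __name__ == "__main__":
    print(demo())
```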