2005¦~2¤ë17¤é

SHA-1 "hashing" algorithm broken. Cory Doctorow: SHA-1 is a "hashing algorithm." Feed it a long string of digits -- like an MP3 -- and it will produce a supposedly unique "hash" of those digits that's much shorter. This hash can be used to determine, for example, whether a message has been tampered with: append a hash to an email message that's generated in combination with a PGP key and your recipients can repeat the operation and determine whether the message has been tampered with in transit. Or distribute a hash of the latest security update and your download manager can compare the hash with the value it gets when it hashes update and make sure you've got the real goods. P2P application designers use hashes in a number of ways: detecting spoof files and trojans, downloading the same file from many sources ("parallel downloading" -- a poor man's BitTorrent, essentially) and so forth. Spamfighters use hashes to spot spam -- it's a way to tell whether the message I've just received has already been flagged as spam by you, saving me the trouble of looking it up -- and proposals like LOAF use hashes to assemble lists of trusted senders by allowing friends to share contact lists without exposing the actual names of their other friends. There are lots of ways to calculate hashes, but SHA-1 is one of the most widely used. Many SHA-1 applications rely on the absence of "collisions" -- that is, the ability to spoof it by having two files hash out to the same fingerprint. That's a key piece of any kind of digital signature system. But now, there's a break for SHA-1, a means that makes it relatively easy to find collisions in a relatively short time: The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their results: * collisions in the the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length. * collisions in SHA-0 in 2**39 operations. * collisions in 58-round SHA-1 in 2**33 operations. This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn't affect applications such as HMAC where collisions aren't important). The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team. Link [Boing Boing] 4:39:11 PM

Happy Valentine's Day in hysterically misused Chinese. Xeni Jardin: Tian runs a blog called "Hanzi Smatter" devoted to non-Asian people's unwittingly incorrect use of Chinese characters in tattoos, t-shirts, and the like. He spotted this tattoo and said: "[W]hen I first saw this... I was stunned and speechless. It literally means "crazy diarrhea" in both Chinese Hanzi and Japanese Kanji." He invited readers to contribute Photoshop remixes. The results include this Valentine's Day chocolate wrapped with a message which would be very inappropriate, unless this is your kind of thing. Link to Tian's explanatory blog post. (Thanks, Jared Mackay) [Boing Boing] 9:48:35 AM

Sonos Digital Music System Broken for Mac We've given a lot of traffic to Sonos Digital Music System reviews, mostly because it seems to be a fantastic product, and one with a lot of promise as the company continues to upgrade the product line. Ironically, iPodlounge has discovered that one of the most pressing upgrades would appear to be broken Macintosh compatibility¡Xhumorous in light that the Sonos cops so many Apple design cues (to good effect, too). Their review was a bit late, but that's because they were waiting for the good news: Sonos expects a fix for Mac users within a couple of weeks. Don't let us down, Sonos. Backstage: Sonos Digital Music System, reviewe [iPodLounge] - lev (tips@gizmodo.com) [Gizmodo] 9:29:52 AM

Happy Hacker Keyboard Professional The Happy Hacker keyboards aren't new¡Xthey've been around for a few years¡Xbut these new Professional models have my favorite feature of the product line: no silk-screening on the keys. I once tried sanding the tops of my IBM folded-spring key caps off, but ended up giving up after spending 30 minutes on ESC. You can get Happy Hackers from a variety of smaller shops online, but the blank key version is upwards of $250 in some places¡XI think I'll just find some more sandpaper and jonesing gutter punk. Happy Hacking Keyboard Professional [SorobanGeeks] - lev (tips@gizmodo.com) [Gizmodo] 9:29:07 AM

German Radio Offers Downloadable Songs via SMS The record label that brought Eminem to the Germans and Rammstein to the rest of the world (you work out the exchange rate on that one) is making a moving on radio with the launch of Motor FM. The plan is to start streaming audio to 3G phones that users can purchase by shooting off an SMS message. To stand out against a radio-saturated landscape and hit that anti-MTV feel all the kids are into, Motor FM have already ditched commercials, morning shows, and any DJ chatter that doesn't have to do with what you're listening to. I like them already, combustable metal acts and all. Future of Radio is Downloadable [WiredNews] - lev (tips@gizmodo.com) [Gizmodo] 9:28:37 AM

Hitachi Wooo DZ-MV780 Look for Hitachi to roll out the first real challenge to Sony's DCR-series DVD camcorders this week: The Wooo DZ-MV780 boasts a 1.33-megapixel still sensor, something called a "zoom" lens (although it doesn't mention to what power), and up to two hours recording time per disc. Toss in a thinner, easier to hold body than the Sony (so they say) and a price tag of about a hundred dolars less (at $950, it's cheaper than Sony's top-end list price, but real-world costs vary wildly), and it looks solid¡Xmaybe not a killer, but at least a competitor (and it has a much better name and a logo that makes us think of Audi). Hitachi's Newest DVD Camcorder [CNET] - lev (tips@gizmodo.com) [Gizmodo] 9:25:04 AM

Sanyo Wipoq Bluetooth Messenger Treonauts is still scouting out the 3GSM conference in Cannes and has discovered this prototype instant messaging device from Sanyo called the 'Wipoq' (both the name of the product and the new division within the company, it seems). Running the same IXI operating system as using by the Cingular's marginally successful ogo, the Wipoq is designed to connect to your phone via Bluetooth and be used as a dedicated, but complementary device for instant messaging duties. I'm fine with this, but obviously some people would prefer to have it all wrapped into a single device. Both the prototype (on the left) and the working production model (on the right) look nice, too, appearing to be slim enough to slip into a pocket without all the weird edges of the ogo. We'll give it a shot, but as Danger's Sidekick II has proven, there's a lot more to good instant messaging machines than just the hardware. Philips Introduces Five New Mobile Phones. [Treonauts] - lev (tips@gizmodo.com) [Gizmodo] 9:21:15 AM

NanoChromics Display: More ePaper You Can't Buy Ntera is at DEMO this week with their contribution to the growing line of digital paper prototypes. The NanoChromics Display (NCD) brings to the house a patented nanotechnology process (meaning that's all we really know about it) and a dose of titanium oxide, the chemical what makes paper white. Either that iPod in the back has one of the ePaper screens or it's been freebasing Crest Whitestrips. The NCD promise huge power savings and a crisper display over LCDS, but in keeping with the paper replacements we've seen thus far isn't delivering too much yet. Ntera promise a product launch later this year though, so expect to wake up around July-ish to a world turned upside down by science. Digital Ink Prototype Uses Nanotech [ExtremeTech] - lev (tips@gizmodo.com) [Gizmodo] 9:19:06 AM