HomeStorage Hardware

EMC Centera Unaffected by MD5 Flaw

By Ryan Naraine

Data storage giant EMC is trying to allay
fears that its Centera platform was susceptible to a flaw uncovered in
the popular MD5 algorithm.

EMC’s Centera secure storage platform uses MD5 hash integrity for its
single-instancing storage (SIS) offering, prompting jitters among
customers when word leaked out at the recent Crypto 2004 conference
that the algorithm could be easily cracked.

However, EMC insists its use of the secure hashing algorithm did not
put customers’ data at risk, because the algorithm is enhanced and buried
in the platform.

By burying the MD5 enhancements, a spokesman for EMC said the full
algorithm is never available for cracking. “We emphatically dispute the
spreading [fear] around our Centera product and the idea that a security
flaw puts data at risk for duplication, corruption,
or any malicious changes,” Rob Callery, EMC spokesman, told
internetnews.com.

The MD5 algorithm is used to convert
an arbitrarily long data stream into a digest of fixed size. It is
widely used to ensure message integrity and as part of creating and
verifying digital signatures.

At Crypto 2004, French researcher Antoine Joux
presented information on a weakness discovered in MD5, confirming
earlier fears that the algorithm was not appropriate for
single-instancing storage.

But, according to Callery, the researcher didn’t find a way to create
a new file that
creates an address to an existing file. “They only showed a way of
inducing collisions between random objects,” he said. “The important point is that
they cannot induce collisions with existing objects.”

EMC maintains that nobody has proven that it is possible to reverse-engineer
a small binary file — as has been described — with the same
hash as those generated for the file to be obscured, and no tools exist
to do that. “The researchers’ results have been totally misused. They
did not show that you could forge an address to an existing object,”
Callery said.

He said Centera used two different types of naming schemes. One is
based on MD5 and another is based on MD5 and an EMC-developed algorithm,
which also incorporates time stamps. Because an EMC algorithm is added
to the mix, Callery said crackers looking to induce a collision between
a legitimate file and a malicious file would have to create both files
and store them on Centera “at the same exact time, on the same exact
entry node and have exactly the same content.”

Previous article
FalconStor Does Backup And Recovery For Less
Next article
Storage Basics: The Inside Scoop on Outsourcing
Ryan Naraine
Ryan Naraine

Related Articles

Get the Free Newsletter!
Subscribe to Cloud Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter!
Subscribe to Cloud Insider for top news, trends & analysis
This email address is invalid.

Latest Articles

Security

Stateful vs Stateless Firewalls: Comparing the Differences

Al Mahmud Al Mamun -
Stateful and stateless firewalls have several core differences. Learn how stateful and stateless firewalls differ now.
Storage Hardware

10 Best Open Source Storage Software for Enterprises in 2023

Jenna Phipps -
These 64 Open Source Storage Projects help you create a NAS/SAN device, set up cloud storage, backup your system & more. Click here now.
Storage Software

How to Do a Vulnerability Scan Effectively in 6 Steps

Anina Ot -
Vulnerability scans are the process of examining and scrutinizing a piece of digital infrastructure — software or hardware — in order to locate and...

Enterprise Storage Forum offers practical information on data storage and protection from several different perspectives: hardware, software, on-premises services and cloud services. It also includes storage security and deep looks into various storage technologies, including object storage and modern parallel file systems. ESF is an ideal website for enterprise storage admins, CTOs and storage architects to reference in order to stay informed about the latest products, services and trends in the storage industry.

Advertisers

Advertise with TechnologyAdvice on Enterprise Storage Forum and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2022 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.