Tag Archive for: SHA1

I come to bury SHA1, not to praise it

Most cryptography is theoretical research. When it is no longer theoretical, it can become a harmful exploit in practice.

Google and Dutch research institute CWI proved that the SHA1 hash method, first introduced 20 years ago, could produce a duplicate hash from different documents using a technique that consumed significant computational resources: 6,500 years of CPU computation to complete the attack's first phase and 110 years of GPU computation to complete the second phase. The exercise was computationally intensive but proved that such an attack is within the realm of possibility, especially compared to a brute-force attack, which would require 12 million GPU compute years.


Network World Security

Replace SHA-1. It’s not that hard.

Now that SHA-1 has been broken, it’s time for enterprises that have ignored its potential weakness for years to finally act, and it’s not that hard.

The most common use of the hash function is in securing SSL and TLS connections, and the way to get rid of SHA-1 in that use is to use browsers and servers that don’t support it. Depending on the size of an organization, this isn’t onerous, says Paul Ducklin, a senior security advisor at Sophos. (See his excellent description of the problem with SHA-1 and other hashing algorithms.)


Network World Tim Greene

Stop using SHA1: It’s now completely unsafe

Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm’s use for security-sensitive functions should be discontinued as soon as possible.

SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made.


Network World Security

Time’s almost out for websites to abandon SHA-1 | InfoWorld


One-third of all websites still rely on the insecure SHA-1 encryption algorithm, as the deadline to switch draws closer.
