Source |
Network World |
Identifiant |
321628 |
Date de publication |
2017-02-23 14:35:46 (vue: 2017-02-23 14:35:46) |
Titre |
Stop using SHA1: It\'s now completely unsafe |
Texte |
Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible.SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made.To read this article in full or to leave a comment, please click here |
Envoyé |
Oui |
Condensat |
1995 2005 2010 2016 achieved against agencies algorithm allowed although article attack attacks authorities back banned been certificate certificates click collision comment completely dates different digital discontinued exemptions federal files first full function functions has hash have here institute issue jan known leave made national not now pdf please possible producing read real researchers same secure security sensitive sha sha1: should shows signature signed since some soon standards stop technology theoretical two unsafe use using vulnerable world |
Tags |
|
Stories |
|
Notes |
|
Move |
|