Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

SHA-1 hashing algorithm could succumb to US$75K attack, researchers say

Peter Sayer | Oct. 9, 2015
It's time to retire the SHA-1 hashing algorithm, as it is now cheaper than ever to attack, researchers say

Happily, the researchers have only shown a way to simplify an identical-prefix attack on SHA-1, meaning it is not yet possible to generate fake SSL certificates allowing the impersonation of arbitrary websites.

"This is still far from being able to create a rogue CA, as such an attack would require a stronger type of collision," said Peyrin, one of the authors of the research paper.

"We advise the industry to not play with fire, and accelerate the migration process toward SHA2 and SHA3, before such dramatic attacks become feasible," Peyrin concluded.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.