Freak Posted May 16, 2019 Share Posted May 16, 2019 (edited) https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/ The article notes the history of collision vulnerabilities in Sha-1 dating back to 2005 when it was broken only in theory, and in 2017 when a successful attack was done by researchers at Google and CWI Amsterdam at the expense of $110,000. Only this month, however, is when this chosen prefix attack was developed by Gaëtan Leurent and Thomas Peyrin. They detailed their multi-phase attack more specifically in this paper (direct pdf link) https://eprint.iacr.org/2019/459.pdf The news article makes the conclusion that Sha-1 should be considered completely and entirely dead and provides a list of alternatives to switch to in order of preference. Edited May 16, 2019 by Freak 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now