Jump to content

Chosen prefix Sha-1 collision vulnerability


Freak
 Share

Recommended Posts

https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/

The article notes the history of collision vulnerabilities in Sha-1 dating back to 2005 when it was broken only in theory, and in 2017 when a successful attack was done by researchers at Google and CWI Amsterdam at the expense of $110,000.

Only this month, however, is when this chosen prefix attack was developed by Gaëtan Leurent and Thomas Peyrin. They detailed their multi-phase attack more specifically in this paper (direct pdf link) https://eprint.iacr.org/2019/459.pdf

The news article makes the conclusion that Sha-1 should be considered completely and entirely dead and provides a list of alternatives to switch to in order of preference.

Edited by Freak
  • I Like This! 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...