Google, Dutch Institute Crack SHA-1 Internet Security Standard

Share on Facebook Tweet Snapchat Share Reddit Comment
Google, Dutch Institute Crack SHA-1 Internet Security Standard

A collaboration between Google's research unit and a Dutch institute on Thursday cracked a widely used cryptographic technology that has been one of the key building blocks of Internet security.

The algorithm, known as Secure Hash Algorithm 1 or SHA-1, is currently used to verify the integrity of digital files and signatures that secure credit card transactions as well as Git open-source software repositories.

Researchers were able to demonstrate a "collision attack" using two different PDF files with the same SHA-1 fingerprint, but with different visible content, according to a paper published by Amsterdam-based Centrum Wiskunde & Informatica.

"Moving forward, it's more urgent than ever for security practitioners to migrate to safer cryptographic hashes such as SHA-256 and SHA-3," according to a post by the collaborators on Google's security blog.

"For the tech community, our findings emphasise the necessity of sunsetting SHA-1 usage. Google has advocated the deprecation of SHA-1 for many years, particularly when it comes to signing TLS certificates. As early as 2014, the Chrome team announced that they would gradually phase out using SHA-1. We hope our practical attack on SHA-1 will cement that the protocol should no longer be considered secure," the blog post added.

© Thomson Reuters 2017

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

ZeniMax Seeks to Block Facebook's Oculus From Using Virtual Reality Code
Microsoft, Qualcomm, Sony Climb Aboard Drones Software Firm AirMap
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.