[aklug] SHA broken

Christopher Howard christopher.howard at qlfiles.net
Thu Feb 23 16:41:27 AKST 2017

Interesting to note, but maybe the research team is trying to suck a
little more publicity out of this than is warranted...? Quotes:

"Today, many applications still rely on SHA-1, even though theoretical
attacks have been known since 2005, and SHA-1 was officially deprecated
by NIST in 2011. We hope our practical attack on SHA-1 will increase
awareness and convince the industry to quickly move to safer
alternatives, such as SHA-256."

"Any Certification Authority abiding by the CA/Browser Forum regulations
is not allowed to issue SHA-1 certificates anymore. Furthermore, it is
required that certificate authorities insert at least 64 bits of
randomness inside the serial number field."

"This attack required over 9,223,372,036,854,775,808 SHA1 computations.
This took the equivalent processing power as 6,500 years of single-CPU
computations and 110 years of single-GPU computations."

On 02/23/2017 07:40 AM, Darren Coolidge wrote:
> Check it out.
> https://shattered.io/