[aklug] SHA broken
Royce Williams
royce at tycho.org
Thu Feb 23 17:02:46 AKST 2017
The first collision found for a well-known hash is historic. I don't think
they're over-hyping it.
If there's one thing that the industry is starting to learn -- and still
hasn't fully, but that this announcement is intended to encourage -- it's
that you have to deprecate vigorously and early, in order to actually get
movement in time, and to minimize the length of the long tail of
stragglers.
Royce
On Thu, Feb 23, 2017 at 4:41 PM, Christopher Howard <
christopher.howard at qlfiles.net> wrote:
> Interesting to note, but maybe the research team is trying to suck a
> little more publicity out of this than is warranted...? Quotes:
>
> "Today, many applications still rely on SHA-1, even though theoretical
> attacks have been known since 2005, and SHA-1 was officially deprecated
> by NIST in 2011. We hope our practical attack on SHA-1 will increase
> awareness and convince the industry to quickly move to safer
> alteratives, such as SHA-256."
>
> "Any Certification Authority abiding by the CA/Browser Forum regulations
> is not allowed to issue SHA-1 certificates anymore. Furthermore, it is
> required that certificate authorities insert at least 64 bits of
> randomness inside the serial number field."
>
> "This attack required over 9,223,372,036,854,775,808 SHA1 computations.
> This took the equivalent processing power as 6,500 years of single-CPU
> computations and 110 years of single-GPU computations."
>
> On 02/23/2017 07:40 AM, Darren Coolidge wrote:
> > Check it out.
> >
> > https://shattered.io/
> >
> >
> > _______________________________________________
> > aklug mailing list
> > aklug at aklug.org
> > https://lists.aklug.org/mailman/listinfo/aklug
> >
>
> --
> https://qlfiles.net
> _______________________________________________
> aklug mailing list
> aklug at aklug.org
> https://lists.aklug.org/mailman/listinfo/aklug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.aklug.org/pipermail/aklug/attachments/20170223/7069ebb6/attachment.html>
More information about the aklug
mailing list