Breaking News         Latest US News              New York News              Fx Tribune

Amazon’s New Headquarters to Be in “Opportunity Zone”
On Thursday, Google made major cryptography news by announcing that it had discovered a technique for generating a collision in the SHA-1 algorithm—a fundamental part of internet security protocol. The announcement effectively marks the death of SHA-1.SHA-1...

What Is SHA-1? Google Cracked A Fundamental Part Of Web Encrpytion

On Thursday, Google made major cryptography news by announcing that it had discovered a technique for generating a collision in the SHA-1 algorithm—a fundamental part of internet security protocol. The announcement effectively marks the death of SHA-1.SHA-1...

What Is SHA-1? Google Cracked A Fundamental Part Of Web Encrpytion

On Thursday, Google made major cryptography news by announcing that it had discovered a technique for generating a collision in the SHA-1 algorithm—a fundamental part of internet security protocol. The announcement effectively marks the death of SHA-1.

SHA-1 is a hashing function used to encrypt information. It generates a random string of characters that act as a digital fingerprint for plaintext information while making sure no one except the intended recipient is able to access the information.

Hash systems are commonly used for login systems, which need to verify a password is correct without exposing the password. Because it’s very unlikely for hash values to ever be identical, it’s easy for a system to verify the a hash value.

Google was able to successfully execute a collision attack on SHA-1. The company’s researchers were able to harness enough computing power to effectively crack the algorithm.

The attack took nine quintillion SHA-1 computations in total and required 6,500 years of CPU computation and 110 years of GPU computation to complete, according to Google. That’s not the kind of computing power that most people have access to, but Google isn’t the only organization in the world that could theoretically create the collision.

A collision happens when two different files produce the exact same hash value. When that happens, an attacker could distribute a malicious file that shares the same hash as a legitimate file. This opens up the possibility for a widespread attack.

A particularly devastating collision attack was launched in 2012 against the MD5 algorithm, in which a state-sponsored malware known as Flame was able to forge a Windows code-signing certificate and distribute itself through patches to millions of customers.

SHA-1 has now been proven vulnerable to a similar type of attack. While the collision that Google produced is less devastating than the one used by Flame, it is enough for cryptographers to deem the hash function unsafe.

While SHA-1 had not yet been cracked prior to Google’s collision attack, experts have assumed for some time that such an attack may be possible. Because of the believed inevitability of a collision in SHA-1, some sites and services have already moved away from the algorithm.

However, the function is still widely used. Git, the most widely used system for software development among groups of people, uses SHA-1 for data integrity ; the GnuPG e-mail encryption program considers the hash function to be safe ; 2014 marked the first year of significant movement away from the protocol and at the time, more than 90 percent of web encryption was still using SHA-1.

The best thing you can do is simply pay attention to the warning signs your browser provides. Google Chrome, Mozilla Firefox and Microsoft Edge browsers will all warn users if they are on a site that has its encryption signed by the SHA-1 algorithm. Those sites are considered not to be secure and may be compromised.

Our editors found this article on this site using Google and regenerated it for our readers.

Publish Date : 23 Şubat 2017 Perşembe 18:22

Breaking News Headlines

Fear that the slowdown and doubts about the economy tarnish the most important appointment of the consumption of the year
Fear that the slowdown and doubts about the economy tarnish the most important appointment of the consumption of the year
The Saturday with the Expansion, the guide to aid to smes and entrepreneurs
The Saturday with the Expansion, the guide to aid to smes and entrepreneurs
The 15 hours 'supreme' of the tataratatarajuez of the Room III
The 15 hours 'supreme' of the tataratatarajuez of the Room III
The communities provincial pull of the Spanish economic growth compared to the slowdown Catalan
The communities provincial pull of the Spanish economic growth compared to the slowdown Catalan
Sanchez justified his decree of mortgages: "democracy is also not always pay the same"
Sanchez justified his decree of mortgages:
Antonio Garamendi, future head of the CEOE: "Has ended a visit to Junqueras"
Antonio Garamendi, future head of the CEOE:
5 Major Ways Education is Influencing Humanity
5 Major Ways Education is Influencing Humanity
Blablacar purchase the French company bus Ouibus SNCF
Blablacar purchase the French company bus Ouibus SNCF
The building mortgage threatens to ruin
The building mortgage threatens to ruin
What To Do To Ensure Comprehensive Safety On Your Devices
What To Do To Ensure Comprehensive Safety On Your Devices
IESE business school extends its presence to Madrid with a new building and new programs
IESE business school extends its presence to Madrid with a new building and new programs
Bill Allowing Up to 5,000 Work Visas for Irish Citizens Put Before the House of Representatives
Bill Allowing Up to 5,000 Work Visas for Irish Citizens Put Before the House of Representatives
POLLS Results ALL
Who is the most powerful actor in Syria

Front Pages
  • The Sun
NEWS ARCHIVES