Google Researchers 'Shatter' SHA-1 Hash
'Collision' attack by researchers at CWI Institute and Google underscores need to retire SHA-1.
The aging cryptographic hash function SHA-1 (Secure Hash Algorithm 1) has suffered what some experts consider its final blow today as researchers from Google and the CWI Institute revealed that they had found a practical way to break SHA-1.
SHA-1 has long been considered obsolete, and most major browser vendors plan to stop accepting SHA-1-based certificates this year because it is weaker than the newer SHA-2 and SHA-3 standards.
Google and CWI engineered a collision attack against SHA-1, demonstrating two PDF files with the same SHA-1 hash and different content as a proof-of-concept of their findings.
"For the tech community, our findings emphasize the necessity of sunsetting SHA-1 usage. Google has advocated the deprecation of SHA-1 for many years, particularly when it comes to signing TLS certificates. As early as 2014, the Chrome team announced that they would gradually phase out using SHA-1. We hope our practical attack on SHA-1 will cement that the protocol should no longer be considered secure," Google said in a blog post today. "We hope that our practical attack against SHA-1 will finally convince the industry that it is urgent to move to safer alternatives such as SHA-256."
See Google's post here for more details on the PoC.