NetSec
  corner   



HOME

LINUX

CYBERLAW

VIRTUALIZATION

Bugtraq

Packetstorm

FD

GrokLaw


RSS Feed


Netsec, comsec, infosec and IA news, research and trends

 

1.14.2020

 
Exploit Fully Breaks SHA-1, Lowers the Attack Bar from Red. We've known about SHA-1's wobbliness for some time. Previously, researchers had reduced the attack complexity to 2^64 from what should have nominally been 2^80 operations. Under this attack scenario, it will take 2648718071565183277.290096774912 cryptographic operations as opposed to 29966824157681538847.454306951413 operations. This is roughly a 10-fold increase, which is significant, but the headline "fully breaks" is an exaggeration. Virtually all crypto is subject to both brute force and statistical attacks, it is simply a matter of work. That said, SHA-1 has largely been retired from use going forward. According to wikipedia, all major browsers stopped accepting SHA-1 signed certificates in 2017.





This page is powered by Blogger.


Site Meter Locations of visitors to this page