Articles about sha-1

Weapon of the information wars from Shutterstock

Dev writes Ethereum code for insecure SHA-1 crypto hash function

Using Ethereum's programming language Solidity, a dev has controversially written code for making data authentication signatures with the insecure SHA-1 cryptographic hash function. Nick Johnson, the London-based Ethereum developer who authored the code, told The Register: "SHA1 is still used by a lot of legacy systems, …
Andrew Silver, 20 Oct 2017

Crypto-busters reverse nearly 320 MEELLION hashed passwords

The anonymous CynoSure Prime “cracktivists” who two years ago reversed the hashes of 11 million leaked Ashley Madison passwords have done it again, this time untangling a stunning 320 million hashes dumped by Australian researcher Troy Hunt. CynoSure Prime's previous work pales compared to what's in last week's post. Hunt, of …

Git sprints carefully towards SHA-1 deprecation

Following the February controversy over whether or not Google's SHA-1 collision broke Git, its community has taken the first small steps towards replacing the ancient hash function. For context: the Chocolate Factory last month produced the first reproduceable SHA-1 collision needing relatively* low computing power – something …
Man thumbs down, image via Shutterstock

Time's up for SHA-1 hash algo, but one in five websites still use it

One in five websites (21 per cent) are still using certificates signed with the vulnerable SHA-1 hash algorithm, according to a new survey. Reliance on the obsolete hashing technology leaves companies at greater risk of security breaches and compliance problems, certificate management firm Venafi warns. Venafi's latest study …
John Leyden, 8 Mar 2017
Image by Maksim Kabakouhttp://www.shutterstock.com/pic-362745248/stock-photo-privacy-concept-broken-shield-on-wall-background.html

SHA-1 crack just got real: System Center uses it to talk to Linux

When Google revealed last week that it had destroyed the SHA-1 algorithm, it hammered another nail into the venerable algo's coffin. But as we noted in our report on the feat, many applications still use SHA-1. And if you're one of the many Windows shops running Microsoft's System Center Operations Manager Management Server, …

Git fscked by SHA-1 collision? Not so fast, says Linus Torvalds

About that SHA-1 collision: Linus Torvalds has taken to Google+ to emphasise that in Git, its main role is error detection, so “the sky isn't falling.” The weak hashing algorithm is used, among other things, to provide a digital signature for software, documents like PDFs, and encryption certificates. The mathematical …

'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time

Google researchers and academics have today demonstrated it is possible – following years of number crunching – to produce two different documents that have the same SHA-1 hash signature. This proves what we've long suspected: that SHA-1 is weak and can't be trusted. This is bad news because the SHA-1 hashing algorithm is used …
Man thumbs down, image via Shutterstock

Facebook has stopped SHA-ring, a year later than it promised

Facebook's quietly taken its SHA-1 certificates out behind the data centre with an electrified degaussing machine. The SHA-1 hashing algorithm was declared unreliable back in 2005. By 2010, hackers cracked a password hashed with SHA-1 using just US$2 of resources rented from Amazon Web Services. In 2015 researchers blew the …
Simon Sharwood, 21 Dec 2016
gun

Microsoft plans St Valentine's Day massacre for SHA‑1

The death knell for the SHA‑1 cryptographic hash function will echo around the web now that all the main browser builders have decided to cut off support – only 12 years after its flaws were first discovered. On Friday, Mozilla and Microsoft both announced that support for SHA‑1 in HTTPS certificates would be dropped – Moz …
Iain Thomson, 21 Nov 2016

Microsoft sets Feb 2017 date to kill last SHA-1 zombies

Microsoft has posted the next step in its deprecation of SHA-1 certificates, but they'll survive for nearly another year. Back in November, Redmond was mulling joining Firefox in a death-to-SHA-1 party during 2016, but its latest missive sets a February 2017 sunset. At that date, Microsoft's Edge Team writes, both Edge and …
Facepalm by https://www.flickr.com/photos/the-magic-tuba-pixie/ cc 2.0 attribution generic https://creativecommons.org/licenses/by/2.0/

Worldpay outs self as provider of easy-to-crack payment services

Everyone knows the SHA-1 cipher is a relic that can be cracked without colossal effort. So why has Mozilla allowed Symantec to issue some new SHA-1 certificates? Mozilla participates in Web PKI, the effort overseeing the issuance of certificates allowing browsers to identify themselves to servers. The organisation has learned …
Simon Sharwood, 29 Feb 2016

Mozilla warns Firefox fans its SHA-1 ban could bork their security

Mozilla has warned Firefox users they may be cut off from more of the web than expected – now that the browser rejects new HTTPS certificates that use the weak SHA-1 algorithm. If you use Firefox with some antivirus products, or on a network fitted with a box that inspects traffic for malicious stuff, and visit a site that …
Iain Thomson, 7 Jan 2016

Google's SHA-1 snuff plan is catching up with Microsoft, Mozilla

Google has outlined its approach to deprecating the compromised SHA-1 hash in its Chrome browser. Like the rest of the security world, Google believes the SHA-1 cipher just isn't safe any more. That's a reasonable position, because it's been cracked without enormous effort. Mozilla, Microsoft and Facebook have all therefore …
Simon Sharwood, 22 Dec 2015
Dr Strangelove bomb

Facebook wants a kinder, gentler end for SHA-1

Facebook has broken ranks with the world's major browser vendors, asking that the ancient SHA-1 has algorithm go out with a whimper rather than a bang. As has been predicted for some years, computing power has long since caught up with SHA-1, and today's best practice is to replace it with SHA-256. Microsoft, Mozilla and …
Padlocks by Simon Cocks Flickr CC2 license

Microsoft may join Mozilla and retire SHA-1 in 2016

Microsoft has decided to follow Mozilla down the path to better security, bringing forward the end-of-life date for SHA-1 hashing. SHA-1 has long been suspect, but in 2015 the ease and effectiveness of attacks against it have grown to the point where everyone with good sense is making their excuses and leaving the room. …
zombie_648

American military sites secured with dud SHA-1 cipher

America, your military fails at security. That's the message from Netcraft security expert Paul Mutton, who has found a bunch of Department of Defence (DoD) agencies issuing SHA-1 certificates. SHA-1 is almost as old as the art of war: created in 1995, it was secure then, but now, you only need US$75,000 to buy enough cloud …

Sites cling to a million flawed, fading SHA-1 certificates: Netcraft

British security bod Paul Mutton says scores of websites including big ticket companies like Deloitte are among a million outfits using outdated and vulnerable SHA-1-coded certificates which researchers have recently badged deceased. The hash function was this month busted by a crypto cadre with $US75,000 of cloud computing …
Darren Pauli, 20 Oct 2015
axe_648

Facebook farewells flaky SHA-1

Facebook has set the date: on September 30, the ancient and creaking SHA-1 hashing algorithm will make its tumbril trip and get the chop. SHA-1, designed by the NSA in 1995, is a one-way algorithm: a block of data is turned into a message digest. The digest can't be turned back into the original message, but serves as a …

Create a news alert about sha-1, or find more stories about sha-1.

Biting the hand that feeds IT © 1998–2017