Lamar Bailey, Sr. Director, Security R&D at Tripwire:
“Cryptographic algorithms have a half-life similar to radioactive isotopes. The factors that play into determining the half-life are the processing power needed to find collisions that break the algorithm along with the costs to obtain the processing power. When both of these factors are in the realm of possibility of a well-funded bad actor that expends the resources for a high priority target, the algorithm can be broken. Once these conditions are met, it is time to have a plan to replace the algorithm in any and all highly secure applications and have a plan for removal in lower importance uses. Companies should have a plan to retire this algorithm as soon as reasonably possible and no later than the end of the year.”
First Practical SHA-1 Collision Attack
Researchers have unveiled the first practical collision attack for the 22-year-old cryptographic hash function SHA-1. While long expected, news of the attack, dubbed ‘SHAttered,’ should add further urgency to sunsetting the maligned algorithm. Lamar Bailey, Sr. Director, Security R&D at Tripwire, commented on the attack.