SHA-1 Attacks On Upswing – Expert Comments

According to new research, attacks on the SHA-1 hashing algorithm just got a lot more dangerous with the discovery of a cheaper, more practical version of SHA-1 collision attacks. Hashing algorithms are used to compute the keys used in public key encryption which is essential to the security of nearly every web transaction.

Although the industry has been trying to move away from SHA-1 for years, Venafi has found more than 6 million SHA-1 certificates still in use on public facing websites.

Experts Comments

January 10, 2020
Hari Nair
Director of Product Management
Venafi
SHA-1 usage is one more indication that most organization aren’t putting enough emphasis on protecting the keys and certificates that serve as machine identities: SHA-1 was first tagged as weak and vulnerable back in 2005. As of January 2015, public certificate authorities were forbidden from issuing SHA-1 certs that expired after December 2016. Since 2017, the most popular web browsers have been preventing and discouraging SHA-1 use by warning users/consumers of ‘invalid.....Read More
SHA-1 usage is one more indication that most organization aren’t putting enough emphasis on protecting the keys and certificates that serve as machine identities: SHA-1 was first tagged as weak and vulnerable back in 2005. As of January 2015, public certificate authorities were forbidden from issuing SHA-1 certs that expired after December 2016. Since 2017, the most popular web browsers have been preventing and discouraging SHA-1 use by warning users/consumers of ‘invalid certificates.’ Despite all of these efforts, we still see SHA-1 certificates deployed. The main reasons are because there are apps that still cannot support newer or stronger algorithms. In other cases, like IoT or edge-computing, resource constraints prevent the use of stronger cryptography. This new research is a reminder that this issue is not going to go away. As long as computing power continues to grow exponentially, algorithms will weaken and decay over time, this is a given. Quantum computing promises even more disruption in the future.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.